Ikonka home dla okruszków Legislation Your data – Your concern Implementation of the programme in the school year 2021/2022

Who can and who does not have to designate a DPO?

Art. 37 para. 1 of the General Data Protection Regulation provides for the obligation to designate a data protection officer for controllers and processors where:

  1. the processing is carried out by a public authority or body, except for courts acting in their judicial capacity.
  1. core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale.
  2. the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

In the interpretation of the notions used in Art. 37 para. 1 letters b and c of the GDPR („core activities”, „regular and systematic monitoring” and „on a large scale”) the recitals of the GDPR and Article 29 Working Party’s Guidelines on Data Protection Officers may be useful. 

phone
Infoline (in Polish) UODO 606-950-000 Operates on weekdays from: 10:00-14:00
© UODO 2018 - 2024
Copyright.
Urząd Ochrony Danych Osobowych
map pin ul. Stawki 2, 00-193 Warszawa
envelope kancelaria@uodo.gov.pl
clock Working hours of the office: 8 a.m. – 4 p.m.
© UODO 2018 - 2024
Copyright.