Can more than one DPO be designated?

Data protection regulations do not provide for the designation of more than one DPO. Both inside the organisation that is the data controller and in external relations, it must be clear to everyone who performs this important function and is responsible for monitoring the compliance of personal data processing with the law. In other words: this person should be clearly identified by the organisation’s management both to all those employed in the processing of personal data and, externally to the organisation, to the data subjects and the supervisory authority.

For data subjects and the supervisory authority, the DPO is the contact point in accordance with Articles 38(4) and 39(1)(e) of the GDPR. The provisions of the the Act of 10 May 2018 on the Protection of Personal Data (Article 11) require controllers and processors who have designated a DPO to provide the DPO's name and email address or phone number available on their website. If the controller or processor does not maintain its own website, it shall provide information about the DPO in a commonly available manner at the place of business. The DPO’s data in the above regard must also be provided to the President of the Office (Article 10).