Designating a data protection officer

A data protection officer must be designated if your organisation

  • processes sensitive data on a large scale
  • monitors individuals regularly, systematically and on a large scale or
  • your organisation is a public authority (with the exception of courts).

Communicating the contact details of the Data Protection Officer

The contact details of the data protection officer must be communicated to the Office of the Data Protection Ombudsman.

The data protection officer's contact details must also be directly and easily accessible to the public. Data subjects can contact the data protection officer in all matters related to the processing of their personal data or the exercise of rights based on the GDPR. For example, the data protection officer can have a dedicated customer service telephone number or contact form on the company’s website.

If a personal data breach that must be communicated to the data subjects and data protection authority occurs within the organisation, the name and contact details of the data protection officer or other contact person for providing additional information must be included in the report.

Read more:
Declaration of Data Protection Officer
Change to Data Protection Officer declaration
GDPR: Articles 37‒39, recital 97 (EUR-Lex)
Guidelines on Data Protection Officers (pdf)