Who should designate the person responsible for the protection of personal data

Andrei Săvescu
Andrei Săvescu

1. According to art. 38 para. 3 GDPR, Data Protection Officer (DPO) “responds directly to the highest level of the operator’s leadership”.

2. For reason identity, DPO designation should be done by the highest level of management.

3. The highest level of leadership is, for societies and associates, the general assembly.

4. Of course, the general meeting may delegate the task of designating the DPO to another governing body, but the DPO remains in charge of the general meeting.

Dr. Andrei Săvescu, Lawyer, Managing Partner SĂVESCU & ASOCIAȚII

LinkedIn | Facebook