Do I need to appoint a Data Protection Officer (DPO)?
A free GDPR Data Protection Officer requirement assessment
Do I need to assign a Data Protection Officer? Take our free test to determine if you need to appoint a DPO.
- Free online check
- Uses GDPR Article 37 guidance
- Immediate answer
- 100% anonymous
Answer the questions and find out
This test is 100% anonymous. No data is stored about you or the result. This test is for information only. It is not advisory.
Simple Data Protection Officer check
I need to appoint a Data Protection Officer? This is a common question.
To find out if you need to appoint a Data Protection Officer, answer the questions.
All questions are taken from GDPR Article 37 – Designation of the data protection officer.
Contact us for more details about our products and services.
* regular is interpreted by the EU’s Article 29 Working Party as ongoing or occurring at particular intervals for a specific period, recurring or repeated at fixed times constantly, or periodically taking place.
* systematic is interpreted by the EU’s Article 29 Working Party as occurring according to a system, pre-arranged, organised or methodical, taking place as part of a general plan for data collection, or carried out as part of a strategy.
* monitoring; EU Article 29 Working Party examples are operating a telecommunications network; providing telecommunications services; email retargeting; data-driven marketing activities; profiling, and scoring for purposes of risk assessment (e.g. for purposes of credit scoring, the establishment of insurance premiums, fraud prevention, detection of money-laundering); location tracking, for example, by mobile apps; loyalty programs; behavioural advertising; monitoring of wellness, fitness and health data via wearable devices; closed circuit television; connected devices e.g. smart metres, smart cars, home automation, etc.
** large scale is open to interpretation. A known definition from the EU’s Article 29 working party in its publication Guidelines on Data Protection Officers is processing customer data in the regular course of business. If (for example) you process customer data in the ordinary course of business, you need to appoint a DPO.
*** special categories are what is sometimes referred to as sensitive data. Special categories are well-defined. They comprise racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data, biometric data, health data, and data concerning a natural person’s sex life or sexual orientation.
Data Protection Controls
Calle de la Caléndula 93, Miniparc III, Edificio E, 28109, Alcobendas, Madrid, Spain
+34 915 553 975