The Data Protection Officer | GDPR FAQ

Q: I am a data controller operating in the recruitment sector. Will I need to appoint a Data Protection Officer?

A: Not every data controller will necessarily need to appoint (or hire) a Data Protection Officer (DPO).

However, this is a matter which will need to be assessed on a case-by-case basis.

It might be worthwhile to seek legal advice to inform your decision on this subject.

References:

  • Article 37, GDPR
  • Article 38, GDPR
  • Additional Information:

    A Data Protection Officer may be needed to complete Data Protection Impact Assessments, or to oversee certain processes. Specifically: when an organisation processes large volumes of personal data; when processing may pose particular risk to individuals; or, when special categories of sensitive personal data are being processed.

    It is realistic to see how each of these situations could quite easily arise within the recruitment sector.

    A group of organisations may choose to appoint a single DPO to oversee processing across an entire data chain.