The primary role of the data protection officer (DPO) is to monitor compliance with the applicable data protection rules. DPO:

  • ensures that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness about them.
  • gives advice and recommendations about the interpretation or application of the data protection rules.
  • maintains records of all data processing activities conducted by organisation.
  • conducts regular assessments and audits to ensure GDPR compliance.
  • handles queries or complaints on request by the institution, the controller, other person(s).
  • cooperates with the controller (responding to its’ requests about investigations, complaint handling, inspections conducted etc.).
  • ensures that data subjects’ requests to see copies of their personal data or to have their personal data erased are fulfilled or responded to, as necessary.
  • draws attention to any failure to comply with the applicable data protection rules.
  • trains employees on GDPR compliance requirements.

The role of DPO is mandatory under GDPR in these specific cases:

  1. where a public authority or body carries out data processing;
  2. where the core activities of the controller or the processor consist of processing operation which require regular and systematic monitoring of data subjects on large scale;
  3. where the core activities consist of large-scale processing of special categories of data or personal data relating to criminal convictions and offences.

All other organisations that are not legally obliged may voluntarily designate the DPO. The GDPR allows to choose whether the functions of Data Protection Officer will be performed by an employee or external expert.

ECOVIS ProventusLaw provides the services of Data Protection Officer.

Loreta Andziulytė

Attorney at law, Partner of the Law Firm, Certified Data Protection Expert, Lawyer

Contact person