One of the most publicized provisions of the European General Data Protection Regulation (“GDPR”) was the requirement that certain companies had to appoint a Data Protection Officer (“DPO”). The concept of a DPO was not new. Germany had for years required that most companies that processed personal data appoint a DPO, but the GDPR dramatically expanded the quantity of companies required to appoint a DPO and brought renewed attention to the role.
We polled 34 countries in the BCLP Data Network – a group of highly experienced privacy practitioners from around the world – to find out more about which countries around the world had followed the lead of the GDPR by requiring that a privacy or security officer (generically a “Data Officer”) be appointed, and which countries within Europe have gone beyond the GDPR to require that a DPO be appointed in situations not mandated by the GDPR itself.
Click here to read the Alert in full.