Many companies are obliged by the GDPR to designate a Data Protection Officer (DPO). The obligation applies if the economic activities require processing of personal data on a large scale or of personal data that is considered sensitive.
Extended scope of the GDPR
The GDPR has a very broad scope of application; companies doing business within the EU will often be subject to the GDPR, even if they have no establishments in the EU. The GDPR applies already when a NON-EU COMPANY offers goods or services to individuals in the EU or monitors their behaviour (Art. 3 sec. 2 GDPR).
The General Data Protection Regulation (GDPR) creates a great level of nervousness among companies:
- “How should I start with the implementation?”
- “Which of my data processing activities are relevant?”
- “Under which circumstances I’m subject to fines?”