Conditions for the appointment of a data protection officer
The appointment of a data protection officer shall be based on his professional competence, in particular expertise in data protection law and the enforcement of legislation in that field, as well as his ability to carry out the tasks assigned to him by data protection law.
Requirements for the data protection officer's expertise
In assessing what requirements must be made for the data protection officer's expertise, consideration must be given to the processing of personal data that is carried out and the requirements for the protection of the personal data that is involved in the processing.
When processing personal data is very complex or when there is extensive processing of sensitive information, there must be more demands on the data protection officer's expertise and the support he may need.
Important skills and expertise may include, for example:
expertise in national and European data protection laws and enforcement in this area;
understanding of the processing that is being carried out,
understanding of security and information technology issues,
knowledge of the company's operations,
ability to promote a culture of personal protection at the institution/entity concerned.
In the case of the government, the personal data protection officer should have knowledge of administrative law as well as the laws relating to the activities in question.
No special certification required
It should be noted that data protection officers do not need to have a special certification as data protection officers in order to be able to perform the job in question, although such certification can certainly be a sign that the person concerned has at least some knowledge of data protection legislation.
The data protection officer is not required to be a lawyer, but the person concerned must have a clear knowledge of the Data Protection Regulation and other laws that are relevant to the activity.
