• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

EU Supervisory Authorities Disclose DPO Notification Tools

June 17, 2018 By Privacy, Cyber & Data Strategy Team

Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact details of their DPO to the Supervisory Authorities, which is a requirement under Article 37 GDPR.

While the DPO Guidelines of the Article 29 Working Party (“WP29”; replaced by the European Data Protection Board, “EDPB”) do not emphasize the requirement to notify DPOs, Supervisory Authorities (“SAs”) view these notifications as important, and have made available step-by-step guidelines, or even full-fledged electronic notification tools in which organizations are asked to complete and provide (often) detailed information going beyond the GDPR-prescribed DPO “contact details”.

Depending on company structure and setup, an organization may decide to appoint several DPOs instead of one (arguably if no overlap), may choose to locate its DPO outside of the EU, and may even decide to outsource the task of a DPO to an external contractor. It is these types of information the Supervisory Authorities’ notification forms and tools try to obtain. Examples of DPO notification forms and requirements recently introduced in a number of EU jurisdictions are listed below:

  • Belgium: online form accessible here.
  • France: online form accessible here.
  • Germany:
    • SA of Baden-Württemberg: online form accessible here.
    • SA of Berlin: online form accessible here.
    • SA of Hessen: online form accessible here.
  • Ireland: online form accessible here.
  • Italy: online form accessible here.
  • Netherlands: online form accessible here.
  • Poland: instructions accessible here (no form is made available).
  • Spain: online form accessible here (registration is required).
  • Slovakia: instructions accessible here (no form is made available).
  • Sweden: online form accessible here.
  • UK: online form accessible here.

Organizations should also be mindful that some Supervisory Authorities have set deadlines to complete notification. The Netherlands and Poland are two of the more prominent examples, with deadlines set between June and September 2018. Most other authorities have not explicitly set deadlines, but often indicate that DPO appointment is a requirement that should have been complied with by May 25. Organizations may therefore want to track their DPO notification progress and work on completing notifications in relevant jurisdictions.

*          *          *

Alston & Bird and its Brussels-based EU Privacy Team is closely following DPA action and privacy litigation in the EU Member States.  For more information, contact Jim Harvey or David Keating.

Filed Under: Data Protection, GDPR, International, Privacy, Regulation Tagged With: Data Protection Officer, EU Data Protection, EU Privacy, EU Regulation, European Union (EU), GDPR, GDPR Implementation

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Recent Exploits of Blockchain Bridges Highlight Need for Cybersecurity in Crypto and Risk of Liability
  • Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report
  • CPPA Board Opposes American Data Privacy and Protection Act
  • SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
  • UK Information Commissioner’s Office Issues Warning on Ransomware Payments
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.