1. UK Data Protection Law
  2. Legislation (UK)
  3. Assimilated law
  4. 2016
Date-stamp loading
  1. Regulation 2016/679/EU - General Data Protection Regulation (UK GDPR) (Assimilated Law)
  2. Chapter IV Controller and processor (arts. 24-43)
  3. Section 4 Data protection officer (arts. 37-39)
  4. Article 37 Designation of the data protection officer
Previous Next
Version status: In force | Document consolidation status: Assimilated law updated to reflect all known changes
Version date: 31 December 2020
  Version 2 of 2    

Article 37 Designation of the data protection officer

1. The controller and the processor shall designate a data protection officer in any case where:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10.

2. A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.

3. Where the controller or the processor is a public authority or body, a single data protection officer may be designated for several such author

Comparing proposed amendment...
Previous Next