The GDPR states that a Data Protection Officer may be a staff member of the controller or processor, or that it may perform the tasks on the basis of a service contract. ​The GDPR Data Protection Officer is designated on the basis of his/her professional qualities, his/her expert knowledge of data protection regulations and his/her ability to perform the tasks outlined below.

I offer expert GDPR Data Protection Officer services to my clients in Canada.

According to the GDPR, as a controller or processor, if you are a public body, perform data processing of data subjects on a large scale as a core activity, or perform data processing of data subjects on a large scale relating to criminal convictions and offenses, then you need a Data Protection Officer as part of your GDPR Compliance efforts. 


The Data Protection Officer:

  • cooperates with the relevant Privacy Commissioners

  • assigns responsibilities, raises awareness and trains staff

  • is the contact point for the relevant Privacy Commissioner 

  • is involved in all issues relating to the protection of personal data

  • monitors compliance with GDPR and the protection of personal data

  • is the point of contact of data subjects wishing to exercise their rights

  • informs and advises the controller or processor employees of their GDPR obligations 

  • provides advice for Data Protection Impact Assessments and monitors the deployment


Note that the independence of the data processor from the operations of the business is needed, to prevent conflicts of interest. Importantly, the controller or processor must publish the contact details of the Data Protection Officer, as well as communicate these to the relevant Privacy Commissioner.



©2018 by Canadian GDPR Compliance