Data Protection Officer
The controller shall appoint an officer to be in charge of processing personal data.
- The identity and contact information of the officer shall be publicly disclosed, in a clear and objective manner, preferably on the controller’s website.
- Officer’s activities consist of:
- accepting complaints and communications from data subjects, providing explanations and adopting measures;
- receiving communications from the national authority and adopting measures;
- orienting entity’s employees and contractors regarding practices to be taken in relation to personal data protection, and
- carrying out other duties as determined by the controller or set forth in complementary rules.
- The national authority may establish complementary rules about the definition and the duties of the officer, including situations in which the appointment of such person may be waived, according to the nature and the size of the entity or the volume of data processing operations.