Question

Which of the following are circumstances that require an organisation to appoint a DPO? Select all that apply. A.The core activities of the controller or processor include regular and systematic monitoring of data subjects on a large scale. B.The core activities of the controller or processor consist of large scale processing of special categories of data. C.The controller is a public authority.

Answer 1

An organization needs to appoint a Data Protection Officer (DPO) under three circumstances according to GDPR: systematic large-scale monitoring of data subjects, large-scale processing of special data categories, or if the controller is a public authority. So, options A, B, and C all necessitate a DPO.

Step-by-step explanation:

According to the General Data Protection Regulation (GDPR), there are three circumstances under which an organization must appoint a Data Protection Officer (DPO):

• If the core activities of the controller or processor include regular and systematic monitoring of data subjects on a large scale which is option A;
• If the core activities of the controller or processor consist of large scale processing of special categories of data or data relating to criminal convictions which is option B;
• Finally, if the controller is a public authority or body (except for courts acting in their judicial capacity) which is option C.

Therefore, all the choices provided (A, B, and C) require the appointment of a DPO.

Learn more about Data Protection Officer