DPOs must only be appointed in the case of: (a) public authorities, (b) organisations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If you don’t fall into one of these categories, then you don’t have to appoint a DPO - although appointing one is, of course, still to be encouraged in the interests of good practice!
If you want to read more about how the GDRP will affect you and your business with regards to email and telephone marketing, find out more here
We strive to give you the best knowledge and expertise, drop us a message and our team will respond to your enquiry as soon as possible