Did you communicate the details of your DPO to the IDPC?

Under the General Data Protection Regulation, it is mandatory for certain controllers and processors to designate a Data Protection Officer.

This will be the case for all public authorities and bodies (irrespective of what data they process), and for other organisations that – as a core activity – monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale.

Even when the GDPR does not specifically require the appointment of a DPO, organisations may sometimes find it useful to designate a DPO on a voluntary basis. The Article 29 Data Protection Working Party (‘WP29’) encourages these voluntary efforts.

If your activities fall within the parameters of one of the criteria listed above, you must appoint a DPO, publish his or her details and communicate such details to the Office of the Information and Data Protection Commission on idpc.info@idpc.org.mt.   The details should include the following:

Data Controller, Name of DPO, Position, Mailing Address, Email Address, Contact Number, Nature of Business, Date of Appointment and whether the DPO is fulfilling this role for other data controllers.