Debora Cohen publishes an article on a company’s DPO function

November 13, 2020

Article 37 of the General Data Protection Regulation (GDPR) requires companies to appoint a Data Protection Officer (DPO in English or DPD in French) when :

  • the processing is carried out by a public authority or public body, with the exception of the courts; or
  • the company’s core business consists of operations, which due to their nature, scope or purpose, require the regular and systematic monitoring of data on a large scale; or
  • the company’s core business consists of the large-scale processing of sensitive data or data relating to convictions or offences.

Nevertheless, many companies decide to designate a DPO, although they do not fall within any of the mandatory designations mentioned above.

Debora Cohen has published an article on this function, of a company’s DPO, in issue n°78 of the law issue of NTIC, IT, trademarks, patents, GDPR of the Journal du Management juridique du Village de la Justice, in French.

You can read the article on page 26 of the journal accessible at the following page : or in PDF format accessible here.