Register Your DPO

Article 37 of the GDPR imposes an obligation on a data controller and a data processor to designate a data protection officer where:

1. the processing is carried out by a public authority or body, except for court acting in their judicial capacity;

2. the core activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

3. the core activities of the controller or processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offenses referred to in Article 10.

If your activities fall within the parameters of one of the criteria listed above, you must appoint a DPO, publish his or her details and communicate such details to this Office on [email protected].

The details should include the following:

Data Controller, Name of DPO, Position, Mailing Address, Email Address,
Contact Number, Nature of Business, Date of Appointment,
and whether the DPO is fulfilling this role for other data controllers.​

You may click on this link​ for guidelines adopted by the EDPB on Data Protection Officers.

Skip to content