Data Protection Officers

Some controllers and processors are required to designate a data protection officer (DPO) in accordance with Articles 37 - 39 of the Applied GDPR. 

If a DPO is designated, Article 37(7) of the Applied GDPR requires that the controller or processor communicates the contact details of the DPO to the Commissioner. Those details, and any updates to the details, can be communicated by completing the form below and emailing it to

Information about the requirement for data protection officers and their role, tasks, designation and position can be found in the "Closer Look" guidance below.

References in the Closer Look guide to Articles and Recitals in the EU GDPR are the same as those in the Applied GDPR. 

See also the Article 29 Working Party Guidance on DPO's endorsed by the European Data Protection Board during its first plenary meeting:

 Article 29 Guidance on DPOs adopted in April 2017