DPO enforcement programme – an additional 170 organisations brought into compliance


The Data Protection Commission has completed a stage in its Data Protection Officer (DPO) enforcement programme, aimed at improving compliance with Article 37 of the GDPR.

The project, which was initiated in 2020, assessed the compliance of public bodies with their obligations under Article 37.7 of the GDPR, which mandates that public bodies are among the specific categories of data controller required to appoint a DPO and notify the DPO’s details to the relevant Supervisory Authority.

The DPO role continues to evolve with challenges looking set to increase in complexity. Data protection is a rapidly evolving and advancing area of law and requires specific resources and abilities. The DPC website undertakes to continue populating the dedicated area on its website for DPOs and is keen to see skill and resourcing levels rise in this area as responsibility and accountability under GDPR necessarily rest with the data controller in the first instance.

Business and Organisation leaders are encouraged to be up-to-date about data protection rules including DPO requirements as they apply to their areas of responsibility. The GDPR is no longer ‘new’!