Designate a Data Protection Officer in view of GDPR compliance.

Data Protection Officer (DPO) “as a Service”

Under the GDPR, it is mandatory for certain controllers and processors to designate a Data Protection Officer or “DPO”. 

Such appointment is even mandatory for all public authorities and bodies (irrespective of what data they process), and for other organisations that - as a core activity - monitor individuals systematically or process special categories of personal data on a large scale. In that respect, monitoring the behaviour of individuals includes all forms of tracking and profiling on the internet, including for the purposes of behavioural advertising.

A DPO may be a staff member of your organisation or may be contracted externally on the basis of a service contact. A DPO can be an individual or an organisation.

Aspects to be considered when appointing a DPO

1.  The DPO must have sufficient knowledge and experience in data protection law

As data protection officers become more prevalent in organizations, it is important to ensure that they have the necessary skills and knowledge to perform their role effectively. DPOs must be familiar with data protection law and best practices, as well as the specific data processing activities of their organization. They should also be able to develop and implement effective data protection policies and procedures.

2.  The DPO must be independent and have no conflict of interest

A DPO must be able to perform their duties in an objective manner. For this reason, one of the most important factors to consider is the independence of the DPO. 

The DPO must be independent from the organization's other functions and must not have any conflict of interest in relation to data protection issues. This means that the DPO should not be involved in decisions about data processing or data security, and should not have any direct financial or personal interests in the data being processed.

3.  The DPO must be accessible to data subjects, data controllers and employees

Data subjects and data controllers should be able to contact the DPO directly if they have any concerns about how their personal data is being processed.

The DPO should also be able to provide training to staff on data protection issues, provide guidance on general and specific topics, and should be available to answer any questions that staff may have.

4.  The DPO must be involved in data protection queries from data protection authorities

A DPO is the first point of contact for an official data protection authority. This entails that the DPO should not only be aware of the many ways on how your organization handles personal data and which steps were undertaken for ensuring compliance: the DPO should also be able to deal with queries from official authorities in a professional and efficient manner.

5.  The DPO must have adequate resources

The DPO must have adequate resources in order to effectively fulfil their role. This includes access to all necessary data, as well as the support of trained staff. Furthermore, the DPO must be given enough time to carry out their duties.

6.  The DPO must report to the highest level of management

The DPO must report to the highest level of management within the organisation. This ensures that data protection concerns are given the attention they deserve. It also allows for quick and effective decision-making in the event of any data protection issues.

Why outsource the DPO function to Pitch?

There are many reasons for outsourcing the DPO function: 

  1. to ensure that there is adequate expertise and knowledge within the organisation to deal with data protection issues;
  2. to deal with such issues in an objective, effective and efficient manner;
  3. to avoid any conflict of interest between the DPO and other members of staff;
  4. freeing up internal resources; and
  5. reducing costs. 

By outsourcing the DPO function to Pitch, you can also benefit from having access to specialist tools and resources, such as our Online Register of Data Processing Activities, our Online Data Processing management system, as well as our Online Data Protection Impact Assessment platform. As the specific Technology pages on our website show, these integrated tools will provide you full transparency and up-to-date information with respect to your GDPR / privacy law compliance.

Bart Lieben


What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.


Related services

View all
No items found.
Pitch Chatbot
Contact us right away
Pitch Chatbot
Hi there,
How can we help you today?
Start Whatsapp Chat
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info