The user answers 5-10 questions and gets results on whether it is necessary to designate a data protection officer. If organisations/companies need to designate a data protection officer, they will be provided with further guidance on the appointment, position, and tasks of the data protection officer.
Also, in the case of an obligation to designate, a report to be provided to the data protection authority shall be generated.
Assessment of the need to designate a data protection officer
Note! Here are just some examples of when an organisation/company is obliged to designate a data protection officer.
A data protection officer should be designated (regardless of the number of employees!) in three specific cases:
A) the processing is carried out by a public authority or body;
B) where the core activities of the controller or processor consist of processing operations which require regular and systematic monitoring of data subjects to a large extent; or
C) where the core activities of the controller or processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.
More on the EDPB Guidelines: https://ec.europa.eu/newsroom/article29/items/612048
