Last review date: 18 December 2024
☒ Yes
Notably, the appointment of a DPO is mandatory where the processing:
- would cause a high-level risk to the confidentiality and privacy of the data subject's personal data as a result of the adoption of new technologies or in connection with the volume of the data;
- involves a systematic and comprehensive assessment of sensitive personal data, including profiling and automated processing; or
- is carried out on a large volume of sensitive personal data.
Last review date: 18 December 2024
☒ Yes
If yes, under what circumstances?
☒ the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale
☒ the core activities of the controller or the processor consist of processing on a large scale of special categories of data
☒ other
Last review date: 18 December 2024
☒ Yes
The DPO is required to have adequate skills and knowledge of personal data protection law.
If yes, what are these requirements?
☒ other professional qualifications / experience
Last review date: 18 December 2024
There is no general licensing, registration or notification requirement under the PDPL. However, licenses and/or approvals may be required in certain circumstances, for example from the telecommunications regulator where providing a service which is reliant on Internet of Things technology.