Last review date: 15 January 2025

Yes.

Last review date: 15 January 2025

Yes

If yes, under what circumstances? 

☒   the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale

☒   the core activities of the controller or the processor consist of processing on a large scale of special categories of data

☒   the organization employs more than a certain number of individuals in the jurisdiction

☒   other

• Public entities.
• If the data controller or data processor processes sensitive data as part of their core business.

Last review date: 15 January 2025

Yes

If yes, what are these requirements?

☒   legal qualifications / experience

☒   other

The DPO must have experience and knowledge in personal data protection, duly accredited.

Last review date: 15 January 2025

Yes.

In the National Registry of Personal Data Protection:

• It is mandatory to register the personal databanks owned by public or private entities. This registration is done via a notice, resulting in a final decision by the Authority. Since July 2021, data banks can be registered by completing a form through a virtual platform (instead of filing of a written form).
• It is mandatory to register cross-border flows of personal data. This registration is done via a notice, resulting in a final decision by the Authority.