European Data Protection Supervisor
European Data Protection Supervisor

DPO Corner

DPO Corner

Getting started

In this section, you will find background and other practical documents, containing essential information for you to carry out your Data Protection Officer (DPO) tasks and mission.

The Position papers on Professional Standards for Data Protection Officers and on the role of a Data Protection Officer are complemented by a brief presentation on “The DPO at work” which gives tips and best practices for a professional Data Protection Officer.

Firstly, however, you may want to recap on what the decision appointing a DPO should contain. Thereafter, you can review the implementing rules concerning the tasks, duties and powers of the DPO adopted by your body. The guidelines contained here, illustrated with an example, are helpful in drafting these rules.

Article 26 of Regulation 45/2001 states that “A register of processing operations notified in accordance with Article 25 shall be kept by each Data Protection Officer”. To help you keep such a register, the EDPS advises that you first identify all the processing operations in an inventory.

It is then easier to identify processing operations that should be notified to you in accordance with Article 25. A template of an Article 27 notification together with instructions will also allow you to properly notify your risky processing operations to the EDPS.  

Please include an editable version of the notification form (not only a pdf version). In areas for which the EDPS has issued Guidelines, controllers and DPOs are invited to use the EDPS Guidelines as a practical reference. Notifications submitted for prior checking in these fields should include a cover letter highlighting specific aspects vis à vis the position of the EDPS as expressed in the concerned thematic Guidelines. Indeed, in accordance with the procedure followed for a thematic approach, the EDPS will issue a "mini prior check opinion" which will analyse and highlight only those practices which do not seem to be in conformity with the principles of the Regulation and with the thematic Guidelines. Please note that until receipt of such a cover letter the processing of the concerned notification will be suspended by the EDPS.

We also thought it would be useful for you if we included some tips and presentations on how to raise awareness within your institution as well as templates of privacy statements .

Lastly, there is also an e-learning module available on data protection. This module offers learners a practical introduction to Personal Data Protection and the Regulation (EC) N° 45/2001 (Course code: CTO_EL00DATAPROX). Those who are interested should address their request to their training manager in order to enrol in Syslog.