QUESTIONS AND ANSWERS
Please send us questions at firstname.lastname@example.org and we will answer them on this page
How to respond to an access request ?
As a sport organisation, do I need to hire a DPO ?
Art. 37 of the GDPR require the designation of a DPO in three specific cases
- where the processing is carried out by a public authority or body;
- where the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
- where the core activities of the controller or the processor consist of processing on a large scale of special categories of data7 or8 personal data relating to criminal convictions and offences.9
Various elements of this article haven’t been precisely defined: “large scale”, “systematic monitoring”, …
The EU Working Party produced guideline to help in the interpretation of Art 37 . Click here to download guidelines.
Two principles of these guidelines are specifically relevant :
- Even when it is not certain that a DPO is mandatory, the WP recommends to hire a DPO
- Unless it is obvious that an organisation is not required to designate a DPO, the WP29 recommends that controllers and processors document the internal analysis carried out to determine whether or not a DPO is to be appointed, in order to be able to demonstrate that the relevant factors have been taken into account properly.
Maison du Sport International
Avenue de Rhodanie 54
CH-1007 Lausanne Switzerland
+ 41 (0) 21 612 30 70