DPO
The Data Protection Officer (DPO) is a mandatory figure for administrations, public bodies, and judicial authorities, as well as for all entities whose main activities involve processing that, by its nature, scope, or purposes, require regular and systematic monitoring of data subjects on a large scale. This includes entities whose main activities involve large-scale processing of sensitive data related to health or sexual life, genetic, judicial, and biometric data.
The Data Protection Officer (DPO) shall, in particular:
a) Monitor compliance with the regulation by assessing the risks of each processing activity in light of its nature, scope, context, and purposes.
b) Collaborate with the data controller/processor, where necessary, in conducting a Data Protection Impact Assessment (DPIA).
c) Inform and raise awareness among the data controller or processor, as well as their employees, about the obligations arising from the regulation and other provisions on data protection.
d) Cooperate with the supervisory authority (Garante) and act as the point of contact for the supervisory authority on any matter related to processing.
e) Support the data controller or processor in all activities related to the processing of personal data, including maintaining a record of processing activities.
