2.6 Data Protection Officer (DPO)/ Data Protection Manager (DPM)

Your organisation must assess itself whether the designation of a Data Protection Officer as foreseen in Section 4 of the GDPR is mandatory or useful.

However, whenever your organisation decides not to designate a DPO, it is recommended to designate another person that supports the organisation to fulfill its data protection compliance obligations. Since the organisation has more flexibility regarding the concrete tasks it wants to confer to that person, it is defined in the TPOmap documentation as Data Protection Manager (DPM).

Since the DPO/DPM is overseeing an organisation’s Privacy Management Program, it will have access to the TPOmap Dashboard and have the broadest access rights to the TPOmap Documentation Depository.

These rights are the same, whether that person is designated as DPO, DPM or even as an internal contact point of an external DPO.

The exact role & responsibilities of the DPO/DPM should be explained in your organisation’s Privacy Management Policy.