What is a DPO?

Data protection officer (DPO)

Public authorities and public-sector bodies such as Aarhus University must appoint a data protection officer. It is the data protection officer’s responsibility to advise the data controller and help the organisation comply with the data protection regulations. The obligation to appoint a data protection officer is part of the general data protection regulation’s focus on responsibility in relation to compliance with the data protection regulations. 

The data protection officer’s responsibilities

The data protection officer provides advice and guidance and monitors compliance with data protection regulations. This includes, for example:

  • Advice and guidance for management and employees at AU on questions about data protection, in connection with the preparation of impact analyses, in case of violation of rules etc, or when in doubt about processing of personal data.
  • Advice in connection with the purchase of a new IT system, the preparation of data policies or compliance with the regulations in relation to specific processing of personal data.
  • Monitoring compliance with data protection regulations at AU and the internal policies in this area.

The data protection officer and the Danish Data Protection Agency

The data protection officer is the point of contact to the Danish Data Protection Agency and cooperates with the Danish Data Protection Agency on behalf of the data controller. For example, if an impact analysis shows that the processing of personal data would lead to high risk for data subjects and the organisation is obliged to contact the Danish Data Protection Agency before processing begins. Contact to the Danish Data Protection Agency can also take place in connection with Danish Data Protection Agency inspections or in relation to a specific complaint.