Public authorities and public-sector bodies such as Aarhus University must appoint a data protection officer. It is the data protection officer’s responsibility to advise the data controller and help the organisation comply with the data protection regulations. The obligation to appoint a data protection officer is part of the general data protection regulation’s focus on responsibility in relation to compliance with the data protection regulations.
The data protection officer provides advice and guidance and monitors compliance with data protection regulations. This includes, for example:
The data protection officer is the point of contact to the Danish Data Protection Agency and cooperates with the Danish Data Protection Agency on behalf of the data controller. For example, if an impact analysis shows that the processing of personal data would lead to high risk for data subjects and the organisation is obliged to contact the Danish Data Protection Agency before processing begins. Contact to the Danish Data Protection Agency can also take place in connection with Danish Data Protection Agency inspections or in relation to a specific complaint.