This issue focuses on the appointment and role of the Data Protection Officer ("DPO") and includes the guidelines and FAQs issued recently by the Article 29 Working Party ("Article 29 WP"). These documents are of particular importance as they provide guidance on how to interpret the GDPR requirements regarding the appointment of a DPO. It appears that the Article 29 WP interprets the appointment criteria very broadly. Consequently, many companies - probably many more than initially expected - will be obliged to appoint a DPO.

The Article 29 Working Party's guidelines are not yet final and stakeholders may submit comments through January 2017 to JUST-ARTICLE29WP-SEC@ec.europa.eu or presidenceg29@cnil.fr.