Many companies prefer to name a DPO internally from their existing workforce. However, there are important qualifications that must be considered when designating a DPO.
A DPO must have the following competencies:
- Expert knowledge of relevant data protection law: GDPR and national laws (BDSG, TMG, TKG)
- Legal understanding
- Extensive technical expertise
- Knowledge of the IT basic protection catalogues of the Federal Office for Information Security (BSI)
- Ideally, relevant data protection certifications
- Reliability and personal integrity