The EU General Data Protection Regulation requires that administrations, businesses and all entities processing personal data have a Data protection officer (DPO).

Convention 108+, which sets out the principles to be applied without the details of their implementation, does not formally requires such function. However, the implementation of the binding requirements it comprises implies that at least some organisation is put in place. A DPO is thus a good option.

To answer the numerous difficulties and questions from businesses and administrations facing that new function, the French data protection supervisor, CNIL, provides much guidance and published the English version of a Practical Guide on the DPO’s Role.