Watch our webinar! “Tricky sickness issues”

Privacy: Data protection officer

Publication date: 29 January 2015
With the upcoming European General Data Protection Regulation, the appointment of a data protection officer will become mandatory for certain businesses and organizations. What are the duties of this officer and what kind of businesses are required to appoint such an officer?

persoonsgegevens - ubo

What kind of businesses are required to appoint a data protection officer?

When the European General Data Protection Regulation will become effective, (probably in the course of 2015/2016), the following businesses and organizations must appoint a data protection officer:

  • businesses with more than 250 employees
  • companies processing data of more than 5000 persons within a period of 12 months
  • government authorities/public bodies

Data protection officer

The data protection officer – also referred to as privacy officer – is an independent person who monitors the general quality of the data protection policy of an organization. Therefore, while performing his tasks, he cannot receive instructions from you as the employer.

The data protection officer will control whether the processing of data in your company is in accordance with the Data Protection Act. If the data protection officer detects irregularities, he must report them to the person in charge or to the company he was appointed by.

In addition, the data protection officer is allowed to make recommendations. However, these recommendations have an advisory function only. Ultimately, it’s up to the person in charge whether to follow the advice of the data protection officer or not.

Appointing a data protection officer means you will have a “watchdog” within your company. However, appointing a data protection officer has advantages as well. You will have an in-house expert who can quickly provide insight on the right way of data processing. The national data protection agency will act reluctantly if the data protection officer performs his duties properly.


  • Check whether you are required to appoint a data protection officer.
  • Get a check on whether the tasks and competences of the data protection officer comply with the new European General Data Protection Regulation.

More information

Russell Advocaten will inform you regularly on the most recent developments regarding this General European Data Protection Regulation and its potential consequences for your business. Would you like to know more about the application of the new General Data Protection Regulation, or do you have any other questions on how to organize your company in the context of the new data protection regulation? Please contact:
Jan Dop, LL.M. (

    Share on social media

    • Expats
    • Employment law and dismissal

    17 June 2021: Employment Webinar “Tricky sickness issues”

    17 June 2021

    If your employee reports sick, this may raise many difficult questions. What are your reintegration obligations during the sick leave period? What are you allowed to record about your sick employee with regard to the privacy legislation? We answered these and other questions during a webinar. Watch the video!

    read on
    • Expats
    • Administrative law and the environment

    The Netherlands: Gateway to Europe

    3 May 2021

    The Netherlands likes to present itself as “the gateway to Europe.” And not without reason: excellent travel connections (Schiphol Amsterdam Airport and Rotterdam Seaport) and a highly educated population speaking several languages.

    read on
    • Fashion and luxury
    • Contracts

    Contracts: How to restrict internet resale?

    5 February 2021

    Internet sale offers a wide range of possibilities to reach consumers, but how can suppliers control the Internet resale of their products? What is permitted? And what isn’t? What are the rights of your distributors?

    read on
    • IT and ICT

    EU-US Privacy Shield invalid: now what?

    27 August 2020

    The EU-US Privacy Shield has been invalidated. This means that companies need another legal basis for the transfer of data of EU citizens to the US. What are their options?

    read on
    • IT and ICT
    • Corporate law

    2020: Mandatory registration in UBO register

    26 August 2020

    As of 27 September 2020, each newly established or already existing company in the Netherlands must register its UBOs in the UBO register at the Chamber of Commerce. How does that work? And how is the privacy of UBOs ensured?

    read on
    • Retail
    • Corporate law

    The strength of Russell Advocaten. What do our clients say?

    31 January 2020

    Quality, promptness and personal attention is of paramount importance to us. Read in this newsletter the experiences of five clients. Why do they engage our law firm? What do they think is the strength of Russell Advocaten and, above all, what do they get in return?

    read on
    • Fashion and luxury
    • Employment law and dismissal

    Can you use fingerprint scans of employees?

    12 December 2019

    As an employer, you want to protect your company and company data as much as possible. This can be done, for instance, by granting employees access to the computer, cash register or company premises only by means of their fingerprints. Is that still allowed after the introduction of the GDPR?

    read on
    • IT and ICT
    • Employment law and dismissal

    Using algorithms in the employment relationship

    11 October 2019

    The use of algorithms carries the promise of objectivity. People assume that algorithm outcomes are “neutral.” This neutrality is, however, an illusion. Algorithms are not as unbiased as we think, and the risk of discrimination looms. Employers should be aware of the limitations of algorithms and have a plan for dealing with them.

    read on