Data Protection Officer for Sensitive Data: When is it Mandatory?
If a company extensively processes special categories of data according to Art. 9 or criminal data according to Art. 10 GDPR as part of its core business, it is obliged to appoint a data protection officer. The article explains which data is affected, when the obligation applies, and what fines are threatened in case of violations.