A DPO is not compulsory in an organisation. However, in some cases, organisations are obliged to appoint one.
It is an obligation if it processes sensitive data on a large scale or involves large scale, regular and systematic monitoring of individuals. Noting that monitoring of individuals include all forms of tracking and profiling on the internet, including for the purposes of behavioural advertising.
Contrary to private organisations, public administration always have an obligation to appoint a DPO (except for courts acting in their judicial capacity).
The DPO may be a staff member of your organisation or may be contracted externally on the basis of a service contract, that can be either with an individual or an organisation.
How to choose a DPO?
A DPO must have an expert-level knowledge on data protection, and a good understanding of the way an organisation operates. The company must check first if the DPO has the status, skills and means necessary to carry out its missions. For example, he must have the time to dedicate to the task at hand in the company, and he cannot cumulate his function of DPO with another function in the structure, or receive orders from an outside structure. He must act independently and be protected in the exercise of his mission. There must be no conflict of interest so his place in the organization chart is delicate.
Various organisations, such as the CNAM of AFNOR provide a professional certification to recognize the professional’s competence based on the CNIL’s benchmark which set out, among other things, the conditions of admissibility of applications and the list of 17 skills and know-how expected to be certified as a DPO.
How much will it cost you?
Compliance is not cheap, that is a fact. And hiring a DPO does cost a bit to the company. For an external DPO, it can cost from 800 to 1000$ a day. An intern DPO, earns from 6000$ to 9000$. It is a huge investment that makes a lot of sense when we understand how complex the DPO's tasks are. Here's an overview of what a DPO is exactly and what his missions are.