!
No.
16
Data Protection
2019
23. The Data Commissioner may carry out periodical
audits of the processes and systems of the data controllers
or data processors to ensure compliance with this Act.
Compliance and
audit.
24. (1) A data controller or data processor may
designate or appoint a data protection officer on such terms
and conditions as the data controller or data processor may
determine, where—
Designation of the
Data Protection
Officer.
(a) the processing is carried out by a public body or
private body, except for courts acting in their
judicial capacity;
(b) the core activities of the data controller or data
processor consist of processing operations which,
by virtue of their nature, their scope or their
purposes, require regular and systematic
monitoring of data subjects; or
(c) the core activities of the data controller or the data
processor consist of processing of sensitive
categories of personal data.
(2) A data protection officer may be a staff member of
the data controller or data processor and may fulfil other
tasks and duties provided that any such tasks and duties do
not result in a conflict of interest.
(3) A group of entities may appoint a single data
protection officer provided that such officer is accessible by
each entity.
(4) Where a data controller or a data processor is a
public body, a single data protection officer may be
designated for several such public bodies, taking into
account their organisational structures.
(5) A person may be designated or appointed as a data
protection officer, if that person has relevant academic or
professional qualifications which may include knowledge
and technical skills in matters relating to data protection.
(6) A data controller or data processor shall publish
the contact details of the data protection officer on the
website and communicate them to the Data Commissioner
who shall ensure that the same information is available on
the official website.