2.1.1 ‘PUBLIC AUTHORITY OR BODY’
The GDPR does not define what constitutes a ‘public authority or body’. The WP29 considers that such a notion is to be determined under national law. Accordingly, public authorities and bodies include national, regional and local authorities, but the concept, under the applicable national laws, typically also includes a range of other bodies governed by public law [12]. In such cases, the designation of a DPO is mandatory.
[12] See, e.g. the definition of ‘public sector body’ and ‘body governed by public law’ in Article 2(1) and (2) of Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public-sector information (OJ L 345, 31.12.2003, p. 90).
A public task may be carried out, and public authority may be exercised [13] not only by public authorities or bodies but also by other natural or legal persons governed by public or private law, in sectors such as, according to national regulation of each Member State, public transport services, water and energy supply, road infrastructure, public service broadcasting, public housing or disciplinary bodies for regulated professions.
[13] Article 6(1)(e).
(EN) The article explains when and under what conditions a Data Protection Officer (DPO) should be appointed or hired. In most cases, at least one of the following conditions is sufficient for the company to be required to have a DPO:
…
Σύνδεση
για πρόσβαση στο πλήρες κείμενο