Bodies having appointed a Data Protection Officer (DPO/DPO)

The General Data Protection Regulation (GDPR) provides, since 25 May 2018, for the mandatory designation of a Data Protection Officer (DPO) in public services and, under certain conditions, by companies and associations. The delegate — also known as the Data Protection Officer (DPO) — is responsible for ensuring GDPR compliance with the processing of personal data of the body that designated him or her. Internal or external, the delegate may also be appointed on behalf of several bodies. To ensure the effectiveness of his/her tasks, the delegate shall: — must have specific professional qualities and knowledge; — must benefit from material and organisational resources, resources and positioning enabling it to carry out its tasks effectively and independently. To learn more about the role of delegate: https://www.cnil.fr/fr/devenir-delegue-la-protection-des-donnees. In accordance with the applicable texts, the CNIL shall publish in an open and easily reusable format the name and professional contact details of the bodies that have appointed a Data Protection Officer, as well as the means of contacting the Data Protection Officer. ** Warning 1:** The published data, including the public contact details of delegates, are **extracted from the designations of delegates as received by the CNIL** via its dedicated teleservice. Any delegate may request the modification of the contact details published directly to the CNIL’s Data Protection Officers Service. ** Warning 2:** **Any re-use of published data which would have the nature of personal data (telephone number, e-mail address, etc.) presupposes, on the part of the re-user, verification of the full fulfilment of his/her obligations under the GDPR**, in particular in terms of informing the delegates concerned and respecting their other rights as defined by the European Regulation. Otherwise, the re-user would in particular be exposed to the penalties provided for in the GDPR.