Data Protection Officer Appointment Agreement

This Data Protection Officer Appointment Agreement is made between PARTY_1_NAME whose principal place of business is at PARTY_1_ADDRESS_SINGLE_LINE (the "Controller") and PARTY_2_NAME whose principal place of business is at PARTY_2_ADDRESS_SINGLE_LINE. 

The Controller hereby designates PARTY_2_NAME as a Data Protection Officer ("DPO") under Article 37 of the GDPR. 

This appointment shall be effective from 05 May 2024 and shall last for a period of APPOINTMENT_LENGTH months.

Tasks of the DPO:

The DPO is engaged as a Data Protection Officer and shall fulfil the duties and tasks as outlined in Article 39 of the GDPR, including the following duties and tasks:

• To advise and inform the Controller, and any employees who carry on processing, about their obligations as imposed by the GDPR and any other applicable data protection law or regulation;
• Monitoring compliance with the GDPR and any other applicable data protection law or regulation;
• Monitoring the Controller’s strategy for personal data protection, including, but not limited to, monitoring how they allocate responsibilities, raise awareness, train staff involved in processing operations;
• To provide advice, where requested, regarding the data protection impact assessment and monitor its performance thereof (under Article 35 GDPR);
• To cooperate with the supervisory authority;
• To act as a contact point for the supervisory authority on issues relating to data processing, including the prior consultation regarding the data protection impact assessment (in accordance with Article 36 GDPR) and, where appropriate, advising on any other matter;
• To serve as the contact point, for data subjects to exercise their rights under Article 12-23 of the GDPR and to process all inquiries related to data processing activities.

Position of the DPO:

The DPO shall:

• At all times, directly report to the highest management level of the Controller;

........................................