The Greek Data Protection Authority issues an announcement on the need of certification of DPOs


As we get closer to May 2018 when the GDPR will enter into force, the discussions on whether organisations should appoint a DPO and what qualifications such person should meet have significantly increased.

The GDPR indeed establishes the obligation for a DPO on all public authorities and also on these private companies that conduct “heavy” data processing activities, namely their core activity is either to monitor individuals systematically and on a large scale or to process special categories of personal data on a large scale as well. The appointment of a DPO is most probably the obligation of the GDPR that has attracted most attention.

Recently the Greek DPA issued an announcement regarding the certification of DPOs, which most probably came as a response to the overwhelming increase of educational programs and seminars currently offered in the Greek market and the provision of certification services for DPOs locally.

In its announcement the DPA made clear that:

  • the GDPR neither imposes an obligation for certification of a DPO nor does it encourage such certification on a voluntary basis
  • the offered seminars or programs do not constitute a certification of professional qualifications or skills of a DPO and  
  • currently there is no accredited organisation in Greece that may provide such certifications.

The above announcement of the DPA, which generally follows the views adopted by the Working Party of Article 29 in the Guidelines on DPOs issued on 13.12.2016, puts things straight regarding the professional skills and certifications required for DPOs. There is no doubt that the DPO should have a good level of knowledge of data protection laws and practices, but this knowledge should not be merely based or evidenced by the DPOs participation in an educational program, which is determined both in terms of scope and quality by the organisations that offer them.

Article provided by:

  • Takis Kakouris, Partner, Zepos & Yannopoulos
  • Mary Deligianni, Senior Associate, Zepos & Yannopoulos


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö


What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.