Skip to main content

The Greek Data Protection Authority issues an announcement on the need of certification of DPOs

Takis Kakouris & Mary Deligianni, Partners of EuroCloud CPC Network

As we get closer to May 2018 when the GDPR will enter into force, the discussions on whether organisations should appoint a DPO and what qualifications such person should meet have significantly increased.

The GDPR indeed establishes the obligation for a DPO on all public authorities and also on these private companies that conduct “heavy” data processing activities, namely their core activity is either to monitor individuals systematically and on a large scale or to process special categories of personal data on a large scale as well. The appointment of a DPO is most probably the obligation of the GDPR that has attracted most attention.

Recently the Greek DPA issued an announcement regarding the certification of DPOs, which most probably came as a response to the overwhelming increase of educational programs and seminars currently offered in the Greek market and the provision of certification services for DPOs locally.

In its announcement the DPA made clear th

  • the GDPR neither imposes an obligation for certification of a DPO nor does it encourage such certification on a voluntary basis
  • the offered seminars or programs do not constitute a certification of professional qualifications or skills of a DPO and  
  • currently there is no accredited organisation in Greece that may provide such certifications.

The above announcement of the DPA, which generally follows the views adopted by the Working Party of Article 29 in the Guidelines on DPOs issued on 13.12.2016, puts things straight regarding the professional skills and certifications required for DPOs. There is no doubt that the DPO should have a good level of knowledge of data protection laws and practices, but this knowledge should not be merely based or evidenced by the DPOs participation in an educational program, which is determined both in terms of scope and quality by the organisations that offer them.

Article provided by:

  • Takis Kakouris, Partner, Zepos & Yannopoulos
  • Mary Deligianni, Senior Associate, Zepos & Yannopoulos

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.