/Docs/G/EU-GDPR-Law-CmA/Sec/Article/37.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
Ti = Article 37 - Designation of the data protection officer
1.0.sec = The {_controller} and the {_processor} shall designate a data protection officer in any case where:
1.1.sec = the {_processing} is carried out by a {_public_authority_or_body}, except for courts acting in their judicial capacity;
1.2.sec = the core activities of the {_controller} or the {_processor} consist of {_processing} operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of {_data_subjects} on a large scale; or
1.3.sec = the core activities of the {_controller} or the {_processor} consist of {_processing} on a large scale of special categories of data pursuant to Article 9 and {_personal_data} relating to criminal convictions and offences referred to in Article 10.
1. = [G/Z/ol-a/s3]
2.sec = A {_group_of_undertakings} may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.
3.sec = Where the {_controller} or the {_processor} is a {_public_authority_or_body}, a single data protection officer may be designated for several such authorities or bodies, taking account of their organisational structure and size.
4.sec = In cases other than those referred to in paragraph 1, the {_controller} or {_processor} or associations and other bodies representing categories of {_controllers} or {_processors} may or, where required by Union or Member State law shall, designate a data protection officer. The data protection officer may act for such associations and other bodies representing {_controllers} or {_processors}.
5.sec = The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
6.sec = The data protection officer may be a staff member of the {_controller} or {_processor}, or fulfil the tasks on the basis of a service contract.
7.sec = The {_controller} or the {_processor} shall publish the contact details of the data protection officer and communicate them to the {_supervisory_authority}.
= [G/Z/ol/s7]