Mandatory Appointment of a Data Protection Officer (DPO)
The amendment transforms the DPO role from a voluntary position into a regulatory requirement for:
- Public bodies
- Companies whose primary business is the collection of personal data for transfer to third
- parties as a business activity or for payment
- Organizations that engage in large-scale, systematic monitoring of individuals (e.g., telecommunications providers)
- Organizations that process highly sensitive data on a significant scale (e.g., banks, insurance companies, hospitals, and HMOs)
Similar to the GDPR, the DPO's role remains unchanged: ensuring compliance with the law, promoting data protection and security, serving as a knowledge and expertise hub, advising management and employees, developing training and monitoring programs, handling data subject requests, overseeing security policies, and acting as the contact point with the Privacy Protection Authority.