Article 37 - Designation of the data protection officer

Article 37 of the GDPR obliges controllers and processors to appoint a Data Protection Officer when their core activities consist of regular or systematic monitoring of data subjects on a large scale, or when they process special categories of personal data or criminal convictions, ensuring compliance with the regulation.