# Data protection officer

# Bare Act

# Section 30(1)

Every significant data fiduciary shall appoint a data protection officer possessing such qualification and experience as may be specified by regulations for carrying out the following functions

(a) providing information and advice to the data fiduciary on matters relating to fulfilling its obligations under this Act;

(b) monitoring personal data processing activities of the data fiduciary to ensure that such processing does not violate the provisions of this Act;

(c) providing advice to the data fiduciary on carrying out the data protection impact assessments, and carry out its review under sub-section (4) of section 27;

(d) providing advice to the data fiduciary on the development of internal mechanisms to satisfy the principles specified under section 22;

(e) providing assistance to and co-operating with the Authority on matters of compliance of the data fiduciary with the provisions under this Act;

(f) act as the point of contact for the data principal for the purpose of grievances redressal under section 32; and

(g) maintaining an inventory of records to be maintained by the data fiduciary under section 28.

# Section 30(2)

Nothing contained in sub-section (1) shall prevent the data fiduciary from assigning any other function to the data protection officer, which it may consider necessary.

# Section 30(3)

The data protection officer appointed under sub-section (1) shall be based in India and shall represent the data fiduciary under this Act.

# Explanation

# Exemption

  1. Section 30 is not applicable to "small entity" (Ref:Section 39(1))
Last Updated: 12 Dec 2019