Dear HM Revenue and Customs,
Article 37 of the General Data Protection Regulation requires the designation of a data protection officer, if an organisation is carrying out particular activities.
I am trying to find out how organisations chose who would be the designated DPO, based on their professional qualities, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
If the name of your DPO is not listed on the Information Commissioner’s Register,, then I am happy for you to redact this, however please provide any recorded information you hold which shows how your organisation went about designating a DPO.
Our ref: FOI2019/00675
Dear Ms Benson,
Freedom of Information Act 2000 Acknowledgement
Thank you for your communication of 14th March which has been passed to
HMRC's Freedom of Information Team.
We have allocated the above reference which you should quote if you need
to contact us.
The Team will arrange for a reply to be sent to you which will either
comply with HMRC's obligations under Freedom of Information Act or, if we
think it's an enquiry that we don't need to address under the terms of the
Act, let you know why. If it is the latter we will, if possible, pass it
on to a more appropriate part of the Department for answer.
HMRC Freedom of Information Act Team