Dear HM Revenue and Customs,

Article 37 of the General Data Protection Regulation requires the designation of a data protection officer, if an organisation is carrying out particular activities.

I am trying to find out how organisations chose who would be the designated DPO, based on their professional qualities, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.

If the name of your DPO is not listed on the Information Commissioner’s Register,, then I am happy for you to redact this, however please provide any recorded information you hold which shows how your organisation went about designating a DPO.

Yours faithfully,

Alison Benson on behalf of FOI Central Team, HM Revenue and Customs

Our ref: FOI2019/00675

Dear Ms Benson,

Freedom of Information Act 2000 Acknowledgement

Thank you for your communication of 14th March which has been passed to
HMRC's Freedom of Information Team.

We have allocated the above reference which you should quote if you need
to contact us.

The Team will arrange for a reply to be sent to you which will either
comply with HMRC's obligations under Freedom of Information Act or, if we
think it's an enquiry that we don't need to address under the terms of the
Act, let you know why. If it is the latter we will, if possible, pass it
on to a more appropriate part of the Department for answer.

Yours sincerely

HMRC Freedom of Information Act Team on behalf of FOI Central Team, HM Revenue and Customs

2 Attachments

Dear Ms Benson,

I am writing in response to your request for information, received 14th

Yours sincerely,

HMRC Freedom of Information Team

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site . Find out more .