“The Role and Duties of the Data Protection Officer” was the topic of the two-day activity held by the Information and Data Protection Commissioner’s Office with representatives of public and private sector institutions. The activity aimed to provide a detailed description of the role and responsibilities of DPOs, in accordance with the new Law 124/2024 “On the Protection of Personal Data”. Commissioner Mr. Besnik Dervishi, in his opening speech, emphasized that the designation of Data Protection Officers is a legal obligation for both the public and private sectors, which must designate a responsible person who will carry out this important task. Mr. Dervishi emphasized that every controller and processor must ensure that its activity is carried out in accordance with the requirements of the legislation on the protection of personal data, as well as take the necessary measures to implement the tasks specified in Law no. 124/2024. He further added that the role of this officer is no longer simply formal, but of particular importance in the implementation of legal requirements, and for this reason, continuous training and awareness campaigns will be conducted.

Commissioner Dervishi also informed that the Electronic Register of Data Protection Officers will be created by the office he heads, by Decision of the Council of Ministers, which will contain data on each Officer designated by controllers and processors.

The Director General for Personal Data Protection, Ms. Pjerina Mema, provided a more detailed description of this legal obligation, specifically on the criteria for selecting DPOs, their duties, the creation of a network of these officers, as well as independence and avoidance of conflict of interest within the authority.

Attendees from the public and private sectors asked their questions regarding the manner of exercising this function as well as the challenges that may be encountered in practice regarding the exercise of this function.

Law No. 24/2024 “On the Protection of Personal Data” is a law fully aligned with the General Data Protection Regulation of the European Union 2016/679 (GDPR), bringing innovations in the field of security and protection of personal data.