The GDPR demands the designation of a DPO if the core activities of Jobylon consist of processing operations which by virtue of their nature/scope/purposes require regular and systematic monitoring of data subjects on a larger scale or the core activities of Jobylon consist of processing of special categories of data on a large scale. Neither of these descriptions are fully applicable to Jobylon. Our core activity is to process personal data, but we do not process special categories of data on a larger scale and it is debatable whether or not our processing constitutes a “regular and systematic monitoring of data subjects”, especially on a large scale.
Nevertheless, we have appointed an external DPO (Fondia Legal Services AB). We believe that an external DPO is the best way for us to ensure the officer’s independence in relation to Jobylon’s management.