Pursuant to Article (8) of the Law, the legal representative of the juristic person of any of the controller or the processor shall appoint a competent employee as a Data Protection Officer (the “DPO”) within its entity to be responsible for personal data protection. Such DPO must be registered on  the DPO register at the Centre. The DPO shall be responsible for enforcing the provisions of the Law and the decisions of the Centre, as well as monitoring and supervising the procedures applicable within the entity and receiving requests related to personal data. The DPO shall, in particular undertake the following:

• Perform a regular evaluation and inspection of the personal data protection systems and avoid infringement thereto as well as documenting the results of such evaluation and issuing the necessary recommendations for its protection.
• Act as a direct contact point with the Centre and implement its decisions, with respect to the application of the provisions of the Law.
• Enable the data subject to practice its rights stipulated under the Law.
• Notify the Centre of the occurrence of any breach of personal data within his entity.
• Reply to the requests submitted by the data subject or any relevant person and reply to the complaints filed by them to the Centre.
• Follow-up the registration and update the personal data records held by the controller, or the processing activity records held by the processor, to guarantee the accuracy of the data and information recorded therein.
• Eliminate any transgressions related to personal data within its entity and undertaking the corrective actions related thereto.
• Organise the necessary training programs for the employees of the relevant legal entity, which are required to have sufficient qualifications that comply with the requirements stipulated by the Law.