To strengthen the position of the Data Protection Officer (DPO) and ensure quality, work is currently underway on a quality register for and by DPOs. All efforts are aimed at the actual establishment of the Dutch (formerly National) Register for Data Protection Officers (NRFG) by the end of 2025.

The General Data Protection Regulation (GDPR) has been in effect across the European Union since May 25, 2018. The GDPR is often perceived in the field as too complicated and a hindrance to doing what is right and necessary. Secretary of State for Legal Protection Struycken emphasized in his speech at the celebration of 15 years of the Charter of Fundamental Rights of the European Union at the Dutch Data Protection Authority the importance of strengthening the position of the DPO. The DPO can alleviate the fear of the GDPR among organizations and governments and break through indecisiveness. Ensuring quality and strengthening the position of the DPO are crucial for better compliance with the GDPR by both organizations and governments.

The role and duties of a DPO are largely legally defined in the GDPR and Directive 2016/680. According to Article 37 of the GDPR, appointing a DPO is mandatory for certain organizations, including governments. A DPO plays a valuable role in and for society. The DPO monitors compliance with and application of relevant laws and regulations regarding privacy and personal data processing within an organization.

Although the role and tasks of the DPO are legally guaranteed, in principle, anyone can call themselves a DPO. This can lead to significant differences regarding the substantive level of DPOs. To address this, a quality register will be established. DPOs must meet minimum quality requirements to be included.

In early 2023, CIP, the Center for Information Security and Privacy Protection, commissioned by the Ministry of Justice and Security, began an exploratory study into the possibilities for improving the position of the DPO. Various stakeholders and individuals in the public and private sectors, knowledgeable about and experienced with the GDPR and the directive and the challenges involved, were consulted for this exploration. It can be concluded from this that a register, the Dutch Register for DPOs (the NRFG), could provide a quality boost. The NRFG can also ensure more cohesion among DPOs and further professionalize the DPO function, thereby helping to improve data protection oversight and strengthen the position of the DPO. Clearer quality characteristics within the profession can also lead to recognition and acknowledgment of a good DPO. The NRFG is for, by, and of the profession itself, and registration in the register is not mandatory. All efforts are aimed at the actual establishment of the NRFG by the end of 2025. The Ministry of Justice and Security supports this initiative to strengthen the position of DPOs and ensure quality.

In the coming weeks, work will be done on a webpage with more information, including a FAQ page.