Data protection coordinator

A data protection coordinator is a decentralised privacy contact within a department, site or group company who supports the practical implementation of data protection locally and acts as the interface to the data protection officer.

The data protection coordinator (also called a local privacy contact or decentralised data protection representative) is an organisational role that larger controllers establish to ensure effective data protection management. Unlike the data protection officer (DPO), the coordinator is not a statutory function with a special legal status, but an internal link that ensures the practical implementation of data protection requirements within individual departments, sites or group companies. The coordinator relieves the DPO of day-to-day tasks and helps spread privacy awareness across the breadth of the organisation.

Typical tasks of a data protection coordinator include maintaining the record of processing activities for their own area, contributing to data protection impact assessments, handling the initial intake of data subject requests, identifying and reporting data breaches to the DPO, and raising awareness and training colleagues. Clear separation of responsibilities is essential: the final expert advice, monitoring compliance with the GDPR and acting as the point of contact for the supervisory authority remain with the data protection officer. The coordinator acts under instruction and does not enjoy the DPO's statutory protection against detriment under Article 38(3) GDPR.

Establishing data protection coordinators is an expression of accountability (Article 5(2) GDPR) and of appropriate technical and organisational measures (Articles 24, 32 GDPR): in a large or decentralised organisation, a single DPO cannot operationally steer data protection across every area. A network of coordinators ensures short communication paths, early risk detection and consistent implementation. At the same time, the allocation of tasks must not undermine the independence and proper involvement of the DPO; roles, reporting lines and escalation paths should therefore be set out in writing in a data protection organisation or policy.

Legal Basis

Art. 38, Art. 39 GDPR (position and tasks of the DPO, from which the role must be distinguished); Art. 5(2), Art. 24, Art. 32 GDPR (accountability and organisational measures)

Practical Example

An international mechanical engineering group with twelve sites appoints a data protection coordinator from the local administration at each site. When a misdirected email containing HR data is noticed at the Munich site, the coordinator there documents the incident, forwards it to the group-wide data protection officer within a few hours and compiles the internal information. The DPO assesses the notification obligation under Article 33 GDPR and takes over communication with the supervisory authority – this is how decentralised responsiveness and central expert responsibility work hand in hand.

FAQ

The data protection officer is a statutory function with independence, special protection against detriment and legally defined tasks under Article 39 GDPR. The data protection coordinator, by contrast, is a voluntary internal role that supports data protection operationally within an area under instruction and reports to the DPO.
No, the GDPR does not require a data protection coordinator. The role serves the practical implementation of accountability and organisational measures under Articles 5(2), 24 and 32 GDPR and is particularly useful in large or decentralised organisations.
They maintain the record of processing activities for their area, contribute to data protection impact assessments, carry out the initial intake of data subject requests and data breaches and report them to the DPO, and raise staff awareness. The final assessment and monitoring of compliance remain with the data protection officer.
