The figure of the Data Protection Delegate (DPO) and the Compliance Officer are consolidating as crucial rolesin a constantly evolving and increasingly regulated business world.

Although many companies may think that these two figures perform similar functions, their responsibilities and competencies are different and, in many cases, complementary.

Data Protection and Compliance

Functions and competencies

The Compliance Officer is responsible for ensuring that a company operates in accordance with applicable laws and regulations. Above all, their work encompasses not only a thorough knowledge of the regulations. But also the creation and management of compliance programs that minimize legal and reputational risk to the entity.

Firstly, the DPO is essential to ensure that the personal data handled by the company is treated in accordance with the General Data Protection Regulation (GDPR) and other related local regulations, as is the case of Spain with the
Organic Law on Data Protection

The importance of a Compliance Officer is not merely formal. Companies that have an adequate compliance plan may be exempt from criminal liability, as long as they demonstrate that their prevention model is effective.

On the other hand, although the DPO has a consultative and advisory role. But its existence does not per se exempt the entity from possible sanctions by bodies such as the Spanish Data Protection Agency (Agencia Española de Protección de Datos). Spanish Data Protection Agency (AEPD).

Coordination between roles

Both roles, although with different functions and responsibilities, must work hand in hand in areas where their competencies converge. A clear example is the management of internal whistleblower channels where the privacy of the whistleblower, who could be a whistleblower, must be guaranteed whistleblower as well as the whistleblower.

This coordination is essential, especially when it comes to crimes of discovery and disclosure of secrets and others that could attribute legal liability to the company.

Towards a culture of compliance and data protection

Above all, the existence of a Compliance Officer and a DPO, although essential, is not an absolute guarantee of corporate integrity. They must be supported by clear policies, adequate training for all employees and a firm commitment from the company’s management to the corporate social responsibility policy.


At the end of the day, having these figures and policies in place is essential. But even more important is that the company internalizes them and implements them with conviction and seriousness. Only in this way will organizations be prepared to meet the challenges of today’s and tomorrow’s world in terms of compliance and data protection.

Compliance y Protección de Datos
wordpress whistleblower hotline