With the application of the GDPR, thousands of Data Protection Officers are getting appointed. On the occasion of this significant development, the profession is adopting ethical rules.

AFCDP, French organisation that brings DPOs together and represents them, is publishing a Charter of Deontology in order to promote a culture of ethics and to ensure the positive development of the profession.

Data Protection Officers create value : they help different types of organisations, public or private, to achieve their strategic objectives while protecting their intangible assets and ensuring that actions and processes are in compliance with current regulations on the protection of personal data.

It is therefore necessary and appropriate for the profession to adopt a Charter of Deontology in order to maintain the confidence of the stakeholders in these professionals, as well as to guarantee the confidentiality, quality and integrity of their approaches and advice.

Data Protection Officers contribute to reducing the risks for data controllers. Therefore, this Charter is also beneficial to controllers and processors, insofar as it allows them to know what they can expect from their relations with their DPO, but also from the assistance they must provide in order to participate in the success of their tasks and missions.

By signing this Charter, the Data Protection Officer makes strong commitments. These necessarily rely on the support of the controller or processor. This is why this Charter must also be signed by them.

"We began our reflections on this Charter several years ago. It is the fruit of the work of a group of passionate members. We have also benefited from very constructive comments from the CNIL, which have been integrated and which gives value to our approach," says Paul-Olivier Gibert, President of the AFCDP.

DPOs Charter of Deontology

By signing this document, the Data Protection Officer undertakes, for example, to accept a designation only if he considers himself of herself competent to do so, which means that he or she has the necessary knowledge and resources to perform the function under the best possible conditions. The signing DPOs also undertake to "establish contacts with their colleagues to encourage exchanges of experience and the sharing of best practices and to invest in passing on their expertise to trainees or apprentices whom they could accompany".

Concerning the relationship between the Data Protection Officer and the data processor/controller, the Charter states that it is based on "trust and openness and requires that the professional’s approach be honest, faithful and diligent".
The Charter also provides for the end of the mission : "The data processor/controller shall ensure that the internal DPO pursues a normal career within the organization once his/her mission is completed".

The Charter also concerns external DPOs (as the GDPR allows controllers and processors to appoint DPOs under a service contract). Indeed, it deals with the absence and prevention of conflicts of interest." I encourage business leaders who wish to appoint me as their external DPO to sign the Charter. The ease with which they see it is for me an indicator of the quality of the conditions under which I carry out my mission with them," says Christophe Champoussin, Administrator of the AFCDP and data protection consultant.

Albine Vincent, head of the Data Protection Officers’ Service at the CNIL, stated that "The Charter of Deontology drawn up by the AFCDP is particularly emblematic of the professionalization of the DPOs. Every tool helping them in their activities is welcome.".

The very first Charter was signed by Damien Guermonprez, Managing Director of Lemonway, a fintech specialising in secure payment for the new economy : "As a data controller, I have to assume legal risks. It is therefore natural that I give my full support to the Data Protection Officer I have appointed. Indeed, I am the first beneficiary of the effectiveness of his actions". One of the first DPOs to have endorsed this ethical commitment adds "The joint examination of this Charter before signing it with the CEO of our company is a very useful exercise, because it makes it possible to review with the data controller the objectives and outlines of DPO’s mission".


20 novembre 2018
Repas mensuel parisien

23 novembre 2018
Conférence AFCDP/PACA

26 novembre 2018
Réunion du groupe "DPO externe"

27 novembre 2018
Réunion du groupe AFCDP Martinique

30 novembre 2018
Première réunion du groupe FALC

3 décembre 2018
Réunion du groupe "Banques et Finances"

14 décembre 2018
Réunion du groupe AFCDP Toulouse

16 janvier 2019
13è Université des DPO - Paris