What happens when the DPO leaves?

View as Markdown
2 mins read • Legal Writer • GDPR • 13 August 2025
  1. Interim DPO solutions for urgent data protection needs
  2. Risk minimisation during a vacancy: interim DPO cover and controls

When a Data Protection Officer (DPO) departs, the organisation must promptly appoint a replacement and manage the practical consequences. Under Article 37 GDPR, the business is responsible for having a designated and available DPO whenever the criteria are met.

This involves not only notifying the Data Protection Agency of the change, but also ensuring continued advisory support, follow-up and documentation of ongoing data protection work. A vacancy in the DPO role can quickly affect compliance.

Interim DPO solutions for urgent data protection needs

For sudden departures or extended absence, an interim DPO is an effective way to maintain continuity. An interim solution also enables analysis and planning ahead of a long-term recruitment or procurement.

  • Rapid onboarding: A consultant can often start within days.
  • Full compliance: The role is filled in line with Article 37 GDPR.
  • External objectivity: Reduced conflict of interest risk.
  • Flexible scope: The engagement can be scaled up or down.

An interim solution can also act as a bridge during organisational change, for example ahead of a demerger or expansion. This is particularly relevant in sectors such as financial services and healthcare where high standards of data protection and privacy by design are critical. Where appropriate, an outsourced DPO or an outsourced data protection officer can provide structured cover and pragmatic DPO consulting.

Risk minimisation during a vacancy: interim DPO cover and controls

An unstaffed role increases the risk that misjudgements go unnoticed—especially during incidents, new processing activities or IT development where designing systems correctly from the outset is essential. It can also delay responses to data subjects or communications with the Data Protection Agency—quickly becoming a compliance risk.

To reduce risk, there should be a plan for temporary cover, a documented handover process and a clear list of live issues on the departing DPO’s desk. Structured handover documentation and a practical handover checklist help ensure continuity. An external DPO partner can also provide disciplined reporting and audit during the vacancy. An outsourced DPO model can deliver continuity and independent oversight across Europe.

At Morling Consulting, we provide both interim DPO solutions and strategic GDPR support with business acumen. We keep you moving—even when key roles change—and support organisations across Europe.

Material Design illustration showing three legal professionals in front of an AI chip, playground and surveillance symbols, representing IMY’s focus areas public AI, children’s privacy and law enforcement.

5 February 2026

IMY’s priorities for 2026 – what do they mean for your organisation?
Read more
Illustration of a startup GDPR compliance briefing, with team members reviewing a security checklist and data protection policy on a screen.

4 February 2026

GDPR in your start-up – how to build assurance and compliance
Read more
Anonymous lawyer in a suit presses a digital whistleblowing button inside a protective sphere, symbolising secure whistleblowing systems, employee privacy and internal controls under the AMLR.

3 February 2026

AMLR Articles 13–15: employee integrity, whistleblowing and internal control
Read more