According to Article 38 (1) of the GDPR, the function of the data protection officer can be summed up in six points:
The controller and the processor shall ensure that the data protection officer is involved, in an appropriate and timely manner, in all matters relating to the protection of personal data.
The controller and the processor help the data protection officer to perform the tasks referred to in Article 39 by providing the necessary resources to perform these tasks, as well as access to personal data and to operations treatment, and allowing him to maintain his specialized knowledge.
The controller and the processor ensure that the data protection officer does not receive any instructions regarding the performance of the duties. The data protection officer may not be relieved of his duties or penalized by the controller or the processor for the performance of his duties. The data protection officer reports directly to the highest level of management of the controller or processor.
Data subjects can contact the data protection officer on all matters relating to the processing of their personal data and the exercise of their rights under this Regulation.
The data protection officer is subject to professional secrecy or an obligation of confidentiality with regard to the performance of his duties, in accordance with Union law or the law of the Member States.
The data protection officer may perform other tasks and tasks. The controller or the processor shall ensure that these missions and tasks do not give rise to a conflict of interest.
The job of DPO (Data Protection Officer) is a growing business. It is highly sought after by businesses, increasingly aware of the importance of data protection. The DPO must ensure respect for the protection of personal data. He ensures the security and legal use of the data his organization has collected. He must ensure that his company is in good standing with the data it uses for business purposes.