According to Article 39 (1) of the GDPR, the tasks of the data protection officer are as follows:
Inform and advise the controller or the processor as well as the employees who carry out the processing on their obligations under this Regulation and other provisions of Union law or the law of the Member States in this area data protection.
Monitor compliance with this Regulation, other provisions of Union law or the law of the Member States on data protection and the internal rules of the controller or processor on the protection of personal data personnel, including with regard to the allocation of responsibilities, awareness-raising and training of personnel involved in processing operations, and related audits.
Provide advice, upon request, on data protection impact assessment and verify its execution under Article 35.
Cooperate with the supervisory authority.
Act as the contact point for the supervisory authority on matters relating to processing, including the prior consultation referred to in Article 36, and carry out consultations, as appropriate, on any other matter.
The main mission of the Data Protection Officer is to inform and advise management on the management of data processing. For this, it will in particular assist the data controllers, by helping them to collect the information necessary for the mapping of the processing operations and by validating their legality with the European regulations. He must then communicate to management, but also to employees, their rights and obligations in terms of personal data.