1.Can DPO have another role in the company except this one?
Yes, as long as the role is not in a conflict of interest with the DPO role. Namely, the DPO shouldn’t approve his or her own processing operations. The DPO cannot be someone from marketing, or from sales, or from operations, or from legal department and so on. This is mentioned in article 38 – Position of the data protection officer – in GDPR, paragraph 6: “such tasks and duties do not result in a conflict of interests”.
2.Can a DPO be an external consultant/contactor
Yes. Article 37 - Designation of the data protection officer – paragraph 6 mentions that “The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.”