Assign topic to the user
1.Can DPO have another role in the company except this one?
Yes, as long as the role is not in a conflict of interest with the DPO role. Namely, the DPO shouldn’t approve his or her own processing operations. The DPO cannot be someone from marketing, or from sales, or from operations, or from legal department and so on. This is mentioned in article 38 – Position of the data protection officer – in GDPR, paragraph 6: “such tasks and duties do not result in a conflict of interests”.
2.Can a DPO be an external consultant/contactor
Yes. Article 37 - Designation of the data protection officer – paragraph 6 mentions that “The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.”
You can find more details at these links:
- Article 37 – Designation of the data protection officer: https://advisera.com/eugdpracademy/gdpr/designation-of-the-data-protection-officer/
- Article 38 –Position of the data protection officer: https://advisera.com/eugdpracademy/gdpr/position-of-the-data-protection-officer/
- The role of the DPO in light of the General Data Protection Regulation: https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
- Free EU GDPR Data Protection Officer Course: https://advisera.com/training/eu-gdpr-data-protection-officer-course/
Comment as guest or Sign in
Feb 02, 2022