GDPR DPO Job Description

Answer:

According to Recital 97 of the GDPR “data protection officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner.”

Also, art.38 of the EU GDPR -“The data protection officer may fulfill other tasks and duties” https://advisera.com/eugdpracademy/gdpr/position-of-the-data-protection-officer/ . The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests.

Also, one of the major roles of the DPO is to protect the rights and freedoms of the individuals whose data are collected. If the emplo yee is both appointed as DPO and is also responsible for determining the purposes and means of processing of individuals data, this conflictual situation would jeopardize the independence of the DPO.

Signing an additional agreement ensuring that the responsibilities of that other function do not affect the carrying out of the DPO role could be a solution for you if the DPO will not be responsible at all for determining the purposes and means of processing (not only on documents but also in the day by day tasks). To be honest this approach is not full proof since it might be difficult in practice for someone to play two conflicting roles .

Another solution would be to appoint an external DPO which represent an easy way to solve the conflict of interest issues and challenges presented by the requirements for independence.

You can find out more about the role of the DPO form our article “The role of the DPO in light of the General Data Protection Regulation” https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/