Regarding the conflict of interest clause in the DPO Job Description document, what options are there if the DPO holds another role at the company that does require him to determine the purposes or means of processing personal data? Would it satisfy GDPR requirements for him to sign an additional agreement ensuring that the responsibilities of that other function do not affect the carrying out of the DPO role?
According to Recital 97 of the GDPR “data protection officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner.”
Also, one of the major roles of the DPO is to protect the rights and freedoms of the individuals whose data are collected. If the employee is both appointed as DPO and is also responsible for determining the purposes and means of processing of individuals' data, this conflictual situation would jeopardize the independence of the DPO.
Signing an additional agreement ensuring that the responsibilities of that other function do not affect the carrying out of the DPO role could be a solution for you if the DPO will not be responsible at all for determining the purposes and means of processing (not only on documents but also in the day-to-day tasks). To be honest, this approach is not foolproof since it might be difficult in practice for someone to play two conflicting roles.
Another solution would be to appoint an external DPO, which represents an easy way to solve the conflict of interest issues and challenges presented by the requirements for independence.