The Data Protection Officer (DPO) is responsible for reviewing and monitoring the internal privacy work carried out by an organisation.
The tasks of a DPO is many, but consist of at least the following:
- informing and advising the controller or processor and the employees of their obligations according to applicable data protection law
- monitoring compliance with applicable data protection law and internal policies, including assignment of responsibilities, awareness-raising and training of staff that is involved in processing activities, and the related audits
- advising on the matter of conducting data protection impact assessments and monitoring its performance
- acting as a contact point for the supervisory authority on issues relating to the organisation’s processing activities
- Consulting, where appropriate, with regard to any other matter