Data Protection Officer (DPO)


      The Data Protection Officer (DPO) is the function responsible for reviewing and monitoring the privacy practices of their organisation.

      The tasks of a DPO are many, but consist of at least the following:

      • informing and advising the controller or processor and the employees of their obligations according to applicable data protection law
      • monitoring compliance with applicable data protection law and internal policies, including assignment of responsibilities, awareness-raising and training of staff that is involved in processing activities, and the related audits
      • advising on the matter of conducting data protection impact assessments and monitoring its performance
      • acting as a contact point for the supervisory authority on issues relating to the organisation’s processing activities
      • Consulting, where appropriate, with regard to any other matter

      For a complete guide to the Data Protection Officer, its purpose, the competencies, when to appoint a DPO, the position of the DPO, the tasks and fines, read our article Data Protection Officer.

      The DPO must act independently and be free of any conflict of interests. For a guide to how to avoid creating a conflict of interest when appointing the DPO, read our article DPO Conflict of Interest.