ABSTRACT
Article 38(3) of the General Data Protection Regulation refers to the position of the data protection ofcer. It requires that “The Data Protection Ofcer shall directly report to the highest management level of the controller or the processor.”
