ABSTRACT
The controller and the processor shall ensure that the data protection ofcer is involved in all issues that relate to the protection of personal data in a proper and timely manner.*
The data protection ofcer shall have at least the following tasks:
• To inform and advise the controller or the processor and the employees who carry out data processing of their obligations pursuant to the General Data Protection Regulation (GDPR) and to other Union or Member State data protection provisions
• To monitor compliance with the GDPR, with other Union or Member State data protection provisions, and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and related audits
• To provide advice, where requested, regarding the data protection impact assessment and to monitor its performance pursuant to Article 35
• To cooperate with the supervisory authority
• To act as the contact point for the supervisory authority on issues related to data processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, on any other matter*
The data protection ofcer will therefore inform and advise on the organization’s and employees’ obligations under the data protection regime.
