ABSTRACT
Data protection ofcers, both of controllers and of processors, must be independent and able to act without constraint, direction, or instruction.
While this obligation is expressly stated as an obligation that controllers and processors must ensure, it can be said that data protection ofcers must also be cognizant of this obligation and that there is therefore also an obligation on them to act independently. The data protection ofcer should be alert and should object to communications that may be interpreted as placing him or her under pressure of being directed, pressured, or otherwise compromised in his or her duties. If there is a risk of such communications to the data protection ofcer, or some other
activity that makes clear that the controller, or processor, is in breach of their explicit obligations (or a risk that this may be the case), the data protection ofcer cannot ignore this, or worse still, acquiesce to this.
