The Data Protection Officer or DPO will perform the following functions:
1. Inform and advise the Data Controller of data processing of the obligations that must be carried out to comply with the GDPR. The Data Protection Officer must record on paper the communications with the Data Controller for the treatment and their responses.
2. Supervise the application of the rules by the Data Controller of the treatment in the matter of personal data protection. This section includes assignment of responsibilities, training of personnel and corresponding audits.
3. Supervise the application of the General Data Protection Regulation. And in particular of the requirements related to data protection.
4. Supervise the conservation of documentation.
5. Supervise the documentation, notification and communication of personal data breach.
6. Supervise the response to the requests of the supervisory authority. And cooperate with her at their request or on their own initiative.
7. Act as a point of contact with the supervisory authority on issues related to treatment.
8. Contact with the authority in Data Protection.
9. The Data Protection Officer will ensure that the data protection regulations in organizations are complied with. And it will have a close relationship with the authorities corresponding to this legislation.
According to article 38 of the GDPR is important follow these steps:
1. The controller and the processor shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.
2. The controller and processor shall support the data protection officer in performing the tasks referred to in Article 39 by providing resources necessary to carry out those tasks and access to personal data and processing operations, and to maintain his or her expert knowledge.
3. The controller and processor shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks. He or she shall not be dismissed or penalised by the controller or the processor for performing his tasks. The data protection officer shall directly report to the highest management level of the controller or the processor.
4. Data subjects may contact the data protection officer with regard to all issues related to processing of their personal data and to the exercise of their rights under this Regulation.
5. The data protection officer shall be bound by secrecy or confidentiality concerning the performance of his or her tasks, in accordance with Union or Member State law.
6. The data protection officer may fulfil other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests.