The DPO reports directly to “the highest management level” in the organisation and has the following tasks under the GDPR:
- Informing and advising the organisation and its employees of their data protection obligations.
- Monitoring the organisation’s compliance with the GDPR and internal data protection policies and procedures. This will include monitoring the assignment of responsibilities, awareness training, and training of staff involved in processing operations and related audits.
- Advising on whether a DPIA is necessary, how to conduct one, and what outcomes to expect.
- Serving as the contact point for the ICO (or other relevant supervisory authority) on all data protection issues, including data breach reporting.
- Serving as the contact point for data subjects on privacy matters, including DSARs (data subject access requests).