While this cornerstone of the GDPR is not responsible for compliance, it “ is an essential cog, capable of combining expertise and advice at all stages of projects involving the use of personal data ”.
The text of 25 May 2018 imposes several guarantees to perform its functions: a designation made “ according to criteria, in particular of skills, knowledge and absence of conflict of interest “. Lack of instructions from the data controller, means to perform their duties, etc.
“ But what are the concrete translations of these obligations? How to ensure that the chosen DPO can fulfill his missions satisfactorily? ”asks the CNIL. Three and a half years after the entry into force of the GDPR, the authority publishes a practical guide on its designation and functions.
- The practical guide for the data protection officer