top of page

Data protection officer

Definition in secondary legislation

From:

United Kingdom General Data Protection Regulation, Article 45

Legislation

Article 45: Tasks of the data protection officer

1. The data protection officer shall have the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union data protection provisions;
(b) to ensure in an independent manner the internal application of this Regulation; to monitor compliance with this Regulation, with other applicable Union law containing data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, the raising of awareness and training of staff involved in processing operations, and the related audits;
(c) to ensure that data subjects are informed of their rights and obligations pursuant to this Regulation;
(d) to provide advice where requested as regards the necessity for a notification or a communication of a personal data breach pursuant to Articles 34 and 35;
(e) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 39 and to consult the European Data Protection Supervisor in case of doubt as to the need for a data protection impact assessment;
(f) to provide advice where requested as regards the need for prior consultation of the European Data Protection Supervisor pursuant to Article 40; to consult the European Data Protection Supervisor in case of doubt as to the need for a prior consultation;
(g) to respond to requests from the European Data Protection Supervisor; within the sphere of his or her competence, to cooperate and consult with the European Data Protection Supervisor at the latter�s request or on his or her own initiative;
(h) to ensure that the rights and freedoms of data subjects are not adversely affected by processing operations.
2. The data protection officer may make recommendations to the controller and the processor for the practical improvement of data protection and advise them on matters concerning the application of data protection provisions. Furthermore he or she may, on his or her own initiative or at the request of the controller or the processor, the staff committee concerned or any individual, investigate matters and occurrences directly relating to his or her tasks which come to his or her notice, and report back to the person who commissioned the investigation or to the controller or the processor.
3. Further implementing rules concerning the data protection officer shall be adopted by each Union institution or body. The implementing rules shall in particular concern the tasks, duties and powers of the data protection officer.

If a flag appears next to this message, click on it to see others' comments about this definition

Further information:

Comment on this definition

Thanks for submitting!

bottom of page