Position of the data protection officer
The controller and the processor shall ensure that the Data Protection Officer is properly and timely involved in all matters relating to the protection of personal data.
The controller and the processor shall support the data protection officer in performing the tasks referred to in Article 39 by providing him with access to personal data and processing operations and by providing him with the necessary resources to perform these tasks and maintain his expertise.
The controller and the processor shall ensure that the Data Protection Officer does not receive any instructions with respect to the performance of those duties. He shall not be dismissed or penalized by the controller or processor for performing his duties. The data protection officer shall report directly to the highest management level of the controller or processor.
Data subjects may contact the Data Protection Officer on any matter relating to the processing of their data and the exercise of their rights under this Regulation.
The Data Protection Officer shall be bound to secrecy or confidentiality with respect to the performance of his duties in accordance with Union or Member State law.
The data protection officer may perform other tasks and duties. The controller or processor shall ensure that these tasks or duties do not lead to a conflict of interest.
