Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

Categories Blog, Business, Design / Branding, Free Data Protection Resources
Date September 7, 2020

Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)

Section 4.1. Monitoring compliance with the GDPR

Article 39(1)(b) entrusts DPOs, among other duties, with the duty to monitor compliance with the GDPR. Recital 97 further specifies that DPO ‘should assist the controller or the processor to monitor internal compliance with this Regulation’.

As part of these dutiesto monitor compliance, DPOsmay, in particular:

collect information to identify processingactivitiesan
alyse and check the compliance of processing activities
inform, advise and issue recommendations to the controller or the processor

Monitoring of compliance does not mean that it is the DPO who is personally responsible where there is an instance of non-compliance. The GDPR makes it clear that it is the controller, not the DPO, who is required to ‘implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation’ (Article 24(1)). Data protection compliance is a corporate responsibility of the data controller, not of the DPO.