One of the first tasks of the Data Protection Officer is to inform and advise the organization of their obligations as per the Regulation and any other local privacy provisions. Also, the DPO will be responsible with monitoring compliance with the GDPR – including assigning responsibilities, raising awareness and training the staff. Another responsibility for the DPO will be to cooperate with the supervisory authority and act as the organization’s contact point on any issues related to the processing of personal data. Furthermore, they will respond to the individuals whose data is being processed on all issues related to the processing and allow them to exercise their rights under the GDPR.
We could say that the Data Protection Officer’s tasks fall into two categories. The first is related to monitoring the compliance of the organization to the GDPR, whether this is done by advising employees, organizing training sessions or just monitoring that the requirements of the Regulations are fulfilled. The second category is related to the DPO’s interactions with those outside of the organization – from the supervisory authority to the individuals whose data is being processed. It is at this point unclear if the DPO should interact with all data subjects. In the case of companies that process data from thousands of individuals, it would be difficult for the DPO to find a way to respond to all the incoming inquires from the data subjects, so finding a sustainable way to manage these interactions from the very beginning will be essential.