Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
GDPR — Table of Contents

AI-generated summary

This provision safeguards the independence and effectiveness of the data protection officer by requiring that the DPO is involved in all data protection matters in a timely manner, receives necessary resources, and operates free from instructions. The DPO must not be penalised for performing their duties and shall report directly to the highest management level of the organisation.

Art. 38 GDPR

Position of the data protection officer

Kapitel 4 — Controller and processor

(1.)The and the shall ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of .
(2.)The and shall support the data protection officer in performing the tasks referred to in Article 39 by providing resources necessary to carry out those tasks and access to and operations, and to maintain his or her expert knowledge.
(3.)The and shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks. He or she shall not be dismissed or penalised by the or the for performing his tasks. The data protection officer shall directly report to the highest management level of the or the .
(4.)Data subjects may contact the data protection officer with regard to all issues related to of their and to the exercise of their rights under this Regulation.
(5.)The data protection officer shall be bound by secrecy or confidentiality concerning the performance of his or her tasks, in accordance with Union or Member State law.
(6.)The data protection officer may fulfil other tasks and duties. The or shall ensure that any such tasks and duties do not result in a conflict of interests.
Source:
EUR-Lex CELEX 02016R0679-20160504
Citation:
OJ L 119, 04.05.2016, p. 1; corrected by OJ L 127, 23.05.2018, p. 2
As of:
2016-05-04
Retrieved:
2026-02-25