The EU General Data Protection Regulation requires certain organizations to appoint a data protection officer. Even where such an appointment is not mandatory, it is still advisable for organizations processing personal data to appoint a DPO. The European Data Protection Board, formerly the Article 29 Working Party, has said DPOs are the cornerstone for organizations in terms of GDPR compliance. The DPO must be involved in all issues concerning the protection of personal data in an organization at the earliest opportunity. DPOs may be internal or external. Due to the critical role that he or she plays, the GDPR requires that the DPO is allowed to exercise his or her functions independently. So, what exactly is the role of a DPO, and why is it necessary that they be independent?
Artigo completo em: https://iapp.org/news/a/the-dpo-must-be-independent-but-how/
