Under the General Data Protection Regulation (GDPR), when an organisation must or choose to appoint a Data Protection Officer (see here), the latter must, at least, be in charge of the following tasks:
• informing and advising the controller or the processor and their employees who carry out processing operations of their obligations according to this Regulation and to other Union or Member State data protection provisions
• monitoring compliance with the GDPR, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations and the related audits ;
• Providing advice where requested as regards the data protection impact assessment and monitor its performance;
• Cooperating with the supervisory authority;
• Acting as the contact point for the supervisory authority on issues relating to processing, including the prior consultation.