Home Privacy Law GDPR Article 38 GDPR (Position of The Data Protection Officer)

Article 38 GDPR (Position of The Data Protection Officer)

Article 38 of GDPR: Position of The Data Protection Officer

Article 38 of GDPR provides organizations with the parameters to observe in its relationship with the data protection officer.

Involving the DPO relating to the protection of personal data (Article 38(1) GDPR)

The role of the data protection officer is to help organizations protect personal data and comply with GDPR.

As such, Article 38(1) requires that organizations involve their data protection officer with respect to all issues related to the protection of personal data.

Organizations to support the data protection officer (Article 38(2) GDPR)

Data controllers and data processors are required to:

  1. Support the DPO as it performs its duties
  2. Provide the DPO with sufficient resources to enable it to perform its tasks
  3. Provide the DPO with access to personal data and processing operations
  4. Help the DPO maintain his or her expert knowledge 

Protection and independence of the DPO (Article 38(3) GDPR)

GDPR requires that the data protection officer remains as independent as possible in carrying out its duties.

As a result, organizations must:

  1. Ensure the DPO is independent and does not receive instructions on how to do his or her job
  2. Is not dismissed or suffers consequences for carrying out his or her functions
  3. The DPO must report to the highest level of management

DPO as the point of contact for data subjects (Article 38(4) GDPR)

As it relates to data subjects, the data protection officer will act as the point of contact when individuals wish to exercise their rights under GDPR and with respect to any issues related to the processing of their personal data.

Duty of confidentiality (Article 38(5) GDPR)

It goes without saying that the data protection officer must have a duty of confidentiality concerning the performance of his or her functions.

Even if the duty of confidentiality was not specifically outlined in an employment contract or service agreement, GDPR imposes that duty on the DPO.

DPO to handle other tasks (Article 38(6) GDPR)

A data protection officer is authorized to handle other functions within an organization.

However, when carrying out other tasks or functions, the DPO must not be put in a situation where there may be a conflict of interest impacting his or her independence or ability to properly execute the DPO functions.

Recitals applicable to Article 38 of GDPR

Relevant Recitals: 97

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 38 or relevant recitals

None

GDPR Text: Article 38 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

Most Popular

What Is A Private Placement (Explained: All You Need To Know)

What Is A Private Placement (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Offering Memorandum (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Financial Services Industry (Explained: All You Need To Know)

Transporation Industry (Explained: All You Need To Know)

Transportation Industry (Explained: All You Need To Know)

What Is A First Look Deal (Explained: All You Need To Know)

What Is A First Look Deal (Explained: All You Need To Know)

Editor's Picks

How Long Is 7 Business Days (All You Need To Know)

How Long Is 7 Business Days (All You Need To Know)

Acquirer vs Acquiror [Legal Definition And Examples]

Acquirer vs Acquiror [Legal Definition And Examples]

Shark Repellent Defense (Explained: All You Need To Know)

Shark Repellent Defense (Explained: All You Need To Know)

Company vs Corporation (What Are The Differences: Overview)

Company vs Corporation (What Are The Differences: Overview)

It Was A Pleasure Working With You (All You Need To Know)

It Was A Pleasure Working With You (All You Need To Know)