Home Privacy Law GDPR Article 38 GDPR (Position of The Data Protection Officer)

Article 38 GDPR (Position of The Data Protection Officer)

Article 38 of GDPR: Position of The Data Protection Officer

Article 38 of GDPR provides organizations with the parameters to observe in its relationship with the data protection officer.

Involving the DPO relating to the protection of personal data (Article 38(1) GDPR)

The role of the data protection officer is to help organizations protect personal data and comply with GDPR.

As such, Article 38(1) requires that organizations involve their data protection officer with respect to all issues related to the protection of personal data.

Organizations to support the data protection officer (Article 38(2) GDPR)

Data controllers and data processors are required to:

  1. Support the DPO as it performs its duties
  2. Provide the DPO with sufficient resources to enable it to perform its tasks
  3. Provide the DPO with access to personal data and processing operations
  4. Help the DPO maintain his or her expert knowledge 

Protection and independence of the DPO (Article 38(3) GDPR)

GDPR requires that the data protection officer remains as independent as possible in carrying out its duties.

As a result, organizations must:

  1. Ensure the DPO is independent and does not receive instructions on how to do his or her job
  2. Is not dismissed or suffers consequences for carrying out his or her functions
  3. The DPO must report to the highest level of management

DPO as the point of contact for data subjects (Article 38(4) GDPR)

As it relates to data subjects, the data protection officer will act as the point of contact when individuals wish to exercise their rights under GDPR and with respect to any issues related to the processing of their personal data.

Duty of confidentiality (Article 38(5) GDPR)

It goes without saying that the data protection officer must have a duty of confidentiality concerning the performance of his or her functions.

Even if the duty of confidentiality was not specifically outlined in an employment contract or service agreement, GDPR imposes that duty on the DPO.

DPO to handle other tasks (Article 38(6) GDPR)

A data protection officer is authorized to handle other functions within an organization.

However, when carrying out other tasks or functions, the DPO must not be put in a situation where there may be a conflict of interest impacting his or her independence or ability to properly execute the DPO functions.

Recitals applicable to Article 38 of GDPR

Relevant Recitals: 97

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 38 or relevant recitals

None

GDPR Text: Article 38 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

Most Popular

Electronic Signature Clause (Explained: All You Need To Know)

Electronic Signature Clause (Explained: All You Need To Know)

What Is A Mortgagee Clause (Explained: All You Need To Know)

What Is A Mortgagee Clause (Explained: All You Need To Know)

What Is Business Flexibility (Explained: All You Need To Know)

What Is Business Flexibility (Explained: All You Need To Know)

What Is Liquidity Ratio (Explained: All You Need To Know)

What Is Liquidity Ratio (Explained: All You Need To Know)

What Are Laundry Services (Explained: All You Need To Know)

What Are Laundry Services (Explained: All You Need To Know)

Editor's Picks

Anonymous LLC (What It Is And How It Works: Overview)

Anonymous LLC (What It Is And How It Works: Overview)

Bear Hug (Meaning In Business And How It Work: All You Need To Know)

Bear Hug (Meaning In Business And How It Work: All You Need To Know)

Due Diligence Period (Explained: All You Need To Know)

Due Diligence Period (Explained: All You Need To Know)

Commercial Contracts (What Are They And All You Must Know)

Commercial Contracts (What Are They And All You Must Know)

What Is Data Compliance (Regulations And Standards)

What Is Data Compliance (Regulations And Standards)