Table of Contents
Article 39 of GDPR: Tasks of The Data Protection Officer
Article 39 of GDPR provides more details as to the tasks to be carried out by the data protection officer.
GDPR imposed tasks on DPO (Article 39(1) GDPR)
The following represents a set of tasks that GDPR specifically requires of the data protection officer:
- Advise and educate data controllers, data processors and their employees about how to comply with GDPR (Article 39(1)(a) GDPR)
- Monitor the organization’s compliance, assess the company’s policies and procedures related to data protection, support the training of employees processing data with their GDPR libations and raise the overall awareness of data protection within the organization (Article 39(1)(b) GDPR)
- Provide advice should a data protection impact assessment be necessary (Article 39(1)(c) GDPR)
- Cooperate with the supervisory authority as requested (Article 39(1)(d) GDPR)
- Act as the point of contact with the supervisory authority (Article 39(1)(e) GDPR)
DPO to consider the data processing risk (Article 39(2) GDPR)
As the data protection officer carries out his or her tasks and evaluates an organization’s data processing activities, it must consider the risk of the data processing activities based on the following factors:
- Nature of data processing
- Scope of data processing
- Context of data processing
- Purpose of data processing
Recitals applicable to Article 39 of GDPR
Relevant Recitals: 97
GDPR Regulation article-by-article overview
Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.
Cited Legislation in Article 39 or relevant recitals
None
GDPR Text: Article 39 of GDPR and Relevant Recitals
GDPR Text Source: EUR-Lex
Official GDPR Text: General Data Protection RegulationÂ
Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)