Article 39 GDPR (Tasks of The Data Protection Officer)

Article 39 of GDPR: Tasks of The Data Protection Officer

Article 39 of GDPR provides more details as to the tasks to be carried out by the data protection officer.

GDPR imposed tasks on DPO (Article 39(1) GDPR)

The following represents a set of tasks that GDPR specifically requires of the data protection officer:

  1. Advise and educate data controllers, data processors and their employees about how to comply with GDPR (Article 39(1)(a) GDPR)
  2. Monitor the organization’s compliance, assess the company’s policies and procedures related to data protection, support the training of employees processing data with their GDPR libations and raise the overall awareness of data protection within the organization (Article 39(1)(b) GDPR)
  3. Provide advice should a data protection impact assessment be necessary (Article 39(1)(c) GDPR)
  4. Cooperate with the supervisory authority as requested (Article 39(1)(d) GDPR)
  5. Act as the point of contact with the supervisory authority (Article 39(1)(e) GDPR)

DPO to consider the data processing risk (Article 39(2) GDPR)

As the data protection officer carries out his or her tasks and evaluates an organization’s data processing activities, it must consider the risk of the data processing activities based on the following factors:

  1. Nature of data processing
  2. Scope of data processing
  3. Context of data processing
  4. Purpose of data processing

Recitals applicable to Article 39 of GDPR

Relevant Recitals: 97

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 39 or relevant recitals


GDPR Text: Article 39 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)