Profile of the DPO


The DPO is a professional whose tasks are set out in article 39 of Regulation (EU) 679/2016, and who is responsible for applying legislation on privacy and data protection.


The data protection officer will perform at least the following tasks:


The data protection officer shall perform his or her duties with due regard to the risks associated with the processing operations, taking into account the nature, scope, context and purposes of the processing.


To do so, he/she must be able to:

  • Collect information to identify processing activities.
  • Analyse and check the compliance of processing activities.
  • Inform, advise, and issue recommendations to the controller or the processor.
  • Collect information to supervise the register of processing operations.
  • Provide advice on the application of the principle of data protection by design and by default.
Advise on:
  • whether a data protection impact assessment should be carried out or not.
  • what methodology should be followed when carrying out a data protection impact assessment.
  • whether a data protection impact assessment should be carried out in-house or outsourced.
  • what safeguards (including technical and organisational measures) to apply in order to mitigate any risk to the rights and interests of the data subjects.
  • whether or not the data protection impact assessment has been carried out correctly.
  • whether its conclusions (whether or not to proceed with the processing and what safeguards to apply) are in compliance with the Regulation.
Advise the data controller on:
  • Which methodology should be used when carrying out a data protection impact assessment.
  • Which areas should be subject to an internal or external data protection audit.
  • Which internal training activities to provide to personnel or the managers responsible for data processing activities and to which processing operations the most time and resources should be dedicated.

