Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
Section 5.13 What is the role of the DPO with respect to data protection impact assessmentsandrecordsof processing activities?
As far as the data protection impact assessment is concerned, the controller or the processor should seek the advice of the DPO, on the following issues, amongst others:
-
whether or not to carry out a DPIA
-
what methodology to follow when carrying out a DPIA
-
whether to carry out the DPIA in-house or whether to outsource it
-
what safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
-
whether or not the data protection impact assessment has been correctly carried out and whether its conclusions (whether or not to go ahead with the processing and what safeguards to apply) are in compliance with data protection requirements