Tracking performance and advising on likely results of privacy controls.
Maintaining records of data processing activities, protection efforts and the reasons why they were implemented, in case of request.
Informing individuals about how their personal information is being used, protection measures safeguarding their information and their ‘right to be forgotten’.
In addition day to day, the DPO is the internal authority on GDPR guidance for all activities involving personal information. Any new project, architecture, design or plan that includes personal information should have the input from the DPO.
The DPO is mandated to report to the Chief Executive of an organisation. Crucially, the DPO must be a true expert on the GDPR. They need to know the GDPR inside out and how to comply with it in the real world.