Article 31*

Article 31 – Position of the data protection officer

Commission Proposal

1. Member States shall provide that the controller or the processor ensures that the data protection officer is properly and in a timely manner involved in all issues which relate to the protection of personal data.

2. The controller or processor shall ensure that the data protection officer is provided with the means to perform duties and tasks referred to under Article 32 effectively and independently, and does not receive any instructions as regards the exercise of the function.

EDRi’s proposed amendment

1. Member States shall provide that the controller or the processor ensures that the data protection officer is properly and in a timely manner involved in all issues which relate to the protection of personal data.

2. The controller or processor shall ensure that the data protection officer is provided with the means to perform duties and tasks referred to under Article 32 effectively and independently, and does not receive any instructions as regards the exercise of the function. This includes an appropriate administrative attachment and adequate staff, premises, equipment and any other resources necessary to carry out this role.

Justification

The administrative attachment of the DPO within the organisation’s structure is important for ensuring independence. This is suggested in line with the EDPS opinion (pt 406) and uses wording from Article 36 of the proposed General Data Protection Regulation..

  • eu logo The launch and upkeep (until December 31, 2013) of this website received financial support from the EU's Fundamental Rights and Citizenship Programme.
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: