
PART 3Law enforcement processing

CHAPTER 4Controller and processor

Data protection officers

71Tasks of data protection officer

(1)The controller must entrust the data protection officer with at least the following tasks—

(a)informing and advising the controller, any processor engaged by the controller, and any employee of the controller who carries out processing of personal data, of that person’s obligations under this Part,

(b)providing advice on the carrying out of a data protection impact assessment under section 64 and monitoring compliance with that section,

(c)co-operating with the Commissioner,

(d)acting as the contact point for the Commissioner on issues relating to processing, including in relation to the consultation mentioned in section 65, and consulting with the Commissioner, where appropriate, in relation to any other matter,

(e)monitoring compliance with policies of the controller in relation to the protection of personal data, and

(f)monitoring compliance by the controller with this Part.

(2)In relation to the policies mentioned in subsection (1)(e), the data protection officer’s tasks include—

(a)assigning responsibilities under those policies,

(b)raising awareness of those policies,

(c)training staff involved in processing operations, and

(d)conducting audits required under those policies.

(3)In performing the tasks set out in subsections (1) and (2), the data protection officer must have regard to the risks associated with processing operations, taking into account the nature, scope, context and purposes of processing.