In performing his or her tasks pursuant to Article 4, the DPO:

1. (a)

   may request information from any ECB business area on any matter relating to the DPO’s tasks and duties;

2. (b)

   shall have access to personal data being processed, to all ECB premises, and to all information, data processing operations and databases at any time;

3. (c)

   may issue an opinion on the lawfulness of actual or proposed processing operations, on the measures required to ensure that such operations are lawful, and on the suitability or adequacy of data protection measures or on any issue concerning processing operations;

4. (d)

   may bring to the Executive Board’s attention any data protection related issue, including the failure of an ECB staff member to comply with the provisions of Regulation (EU) 2018/1725 or any other Union data protection provisions applicable to the ECB;

5. (e)

   may request that data protection related items be added to the Executive Board’s agenda and submit relevant documentation to the Executive Board for that purpose;

6. (f)

   may conduct compliance checks of data processing operations carried out by a controller or on behalf of a controller;

7. (g)

   may restrict any data processing that is not in compliance with the provisions of Regulation (EU) 2018/1725 or this Decision or any other Union data protection provisions;

8. (h)

   may inform the EDPS of any issue related to data protection that requires the EDPS’s input or guidance.