PART 3Law enforcement processing
CHAPTER 4Controller and processor
Data protection officers
I170Position of data protection officer
1
The controller must ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.
2
The controller must provide the data protection officer with the necessary resources and access to personal data and processing operations to enable the data protection officer to—
a
perform the tasks mentioned in section 71, and
b
maintain his or her expert knowledge of data protection law and practice.
3
The controller—
a
must ensure that the data protection officer does not receive any instructions regarding the performance of the tasks mentioned in section 71;
b
must ensure that the data protection officer does not perform a task or fulfil a duty other than those mentioned in this Part where such task or duty would result in a conflict of interests;
c
must not dismiss or penalise the data protection officer for performing the tasks mentioned in section 71.
4
A data subject may contact the data protection officer with regard to all issues relating to—
a
the processing of that data subject's personal data, or
b
the exercise of that data subject's rights under this Part.
5
The data protection officer, in the performance of this role, must report to the highest management level of the controller.