Nearly eight years after the implementation of the GDPR, is the role of the Data Protection Officer still treated by some organisations as a mere formal requirement?
In an article for “Rzeczpospolita”, Wojciech Cianciara, Data Protection Officer at RK Legal, highlights one of the key issues faced by organisations: the independence of the DPO.
As he points out, a Data Protection Officer cannot be indirectly subordinated within the organisational structure, even if they retain a certain level of autonomy in practice.
Independence is not an accessory
Under the GDPR, the DPO should report directly to the highest management level.
The full article is available in “Rzeczpospolita”:
https://pro.rp.pl/biznes/art44123601-dlaczego-iod-to-pulapka-w-ktora-wpadaja-polskie-firmy
