{"id":1005,"date":"2023-03-07T11:20:18","date_gmt":"2023-03-07T11:20:18","guid":{"rendered":"https:\/\/dmp.hu\/?p=1005"},"modified":"2023-03-07T11:20:18","modified_gmt":"2023-03-07T11:20:18","slug":"dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer","status":"publish","type":"post","link":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/","title":{"rendered":"DPO article series, part 4: The Legal Status of the data protection officer"},"content":{"rendered":"<p><em>In this article, we would like to present the most important parts of the status and duties of the <strong>Data Protection Officers<\/strong> (DPOs), mainly focusing on the DPOs participation in decisions, the provision of resources, the independence, the liability and possible sanctions, the obligation of confidentiality and finally, the conflict of interest.<\/em><\/p>\n<h2>1. Participation in decisions<\/h2>\n<p>According to the Article 38 (1) of <strong><a href=\"https:\/\/gdpr-info.eu\/art-38-gdpr\/\" target=\"_blank\" rel=\"noopener\">GDPR<\/a><\/strong> \u2013 to ensure that the <strong>Data Protection Officer<\/strong> (hereinafter referred to as: <strong>DPO<\/strong>) is actively involved in the planning and implementation of activities relevant to <strong><a href=\"https:\/\/dmp.hu\/en\/data-protection\/\">data protection<\/a> <\/strong>\u2013the controller and the processor must ensure that the <strong>DPO<\/strong> <em>\u201eis involving in an appropriate and timely way in all matters relating to the protection of personal data\u201d<\/em>. This can be done in several ways, including the following:<\/p>\n<ul>\n<li>regularly inviting the <strong>DPO<\/strong> to management meetings, especially where decisions with <strong>data protection <\/strong>implications may be taken;<\/li>\n<li>the opinion of the <strong>DPO<\/strong> should be carefully taken into consideration. In case of disagreement, it is recommended to document why the controller and the processor do not act in the way recommended by the <strong>DPO<\/strong>;<\/li>\n<li>if a <strong>data protection <\/strong>or other incident has occurred, consult the <strong>DPO<\/strong> urgently;<\/li>\n<li>in the case of a controller or processor with departments, \u201edata managers\u201d, who have the best insight into their own team to effectively communicate information to the <strong>DPO<\/strong> and to replace him or her in his or her absence, may be appointed, if necessary.<\/li>\n<\/ul>\n<p>As can be seen from the above, these obligations aim to facilitate a proactive approach by data controllers and processors to work with the <strong>DPO<\/strong> and comply with the <strong>GDPR<\/strong> rules. (the more attention the controller or processor pays to the involvement of the <strong>DPO<\/strong>, the more privacy expectations can be integrated into business processes). If an internal <strong>DPO<\/strong> is appointed, it is obviously easier to comply with the requirement to participate in decision-making. However, it should be noted that the excessive involvement of the <strong>DPO<\/strong> in decision-making may lead to a possible breach of the conflict of interest rules, which will be explained later (for example, if the organisation requests the opinion of the <strong>DPO<\/strong> on <strong>data protection <\/strong>issues in the context of the payment of an employee bonus). The participation in decision-making requirement is, however, more difficult to meet for an external <strong>DPO<\/strong>, as a trusted service provider who is not part of the controller or processor&#8217;s organisation cannot logically participate in these processes to the same extent as an employee. To deal effectively with such issues, it may be good practice for the controller or processor to establish in advanced internal rules or programmes that explicitly identify the subjects on which the <strong>DPO<\/strong> should be consulted.<\/p>\n<h2>2. Provision of resources<\/h2>\n<p>According to the Article 38 (2) of <strong>GDPR<\/strong> an obligation of the controller or processor to provide any necessary resources for the <strong>DPO<\/strong>;<\/p>\n<ul>\n<li>for fulfilling their tasks as defined in the <strong>GDPR<\/strong>;<\/li>\n<li>for accessing to personal data and data processing operations; and<\/li>\n<li>for maintaining the level of expert knowledge.<\/li>\n<\/ul>\n<p>The objectives of the first two points typically involve technical, organisational and infrastructural measures, such as ensuring that the <strong>DPO<\/strong> has the time, space and equipment, support staff and access to IT systems necessary to carry out his or her work. Promotion of the maintenance of expertise also implies that the controller or processor encourages the <strong>DPO<\/strong> to participate in activities (for example: participation in professional forums, training courses) that lead to the development of his or her professional knowledge of the protection of personal data.<\/p>\n<p>There may be practical differences between the <strong><a href=\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-2-appointment-of-the-data-protection-officer\/\">appointment of an internal or an external DPO<\/a><\/strong> in the context of supporting a controller or processor to attend training, especially if the training costs some financial resources. If the controller or processor employs an internal <strong>DPO<\/strong>, the employer&#8217;s reimbursement of training costs (by the employer) may be determined on the basis of the Labour Code (provided that the training is justified for the performance of the employment contract. \u00a0According to the Article 4 of Section 6:278. of Act V of 2013 on the Civil Code (hereinafter referred to as: <strong>\u201eAct on the Civil Code\u201d<\/strong>), at an external <strong>DPO<\/strong> the delegated may only claim reimbursement for training provided on the instructions of the controller or processor. It can be observed that in the case of the internal <strong>DPO<\/strong>, the costs of attending training initiated by the employee can be reimbursed, but in the case of the external <strong>DPO<\/strong>, this is only possible by individual agreement. When authorising training, in the same way as for the provision of other resources, the controller and processor \u2013may decide, that not to support the training of the <strong>DPO<\/strong> on the grounds that its duration and cost are not proportional to the complexity and sensitivity of the organisation&#8217;s data processing operations.<\/p>\n<h2>3. Independence<\/h2>\n<p>According to the Article 38 (3) of <strong>GDPR<\/strong>, the controller and the processor must ensure that <em>\u201ethe <strong>DPO<\/strong> must not accept instructions from anyone in connection with the performance of his or her duties\u201d<\/em>, these requirements apply to both internal and external <strong>DPO<\/strong>. These mean that a <strong>DPO<\/strong> is not obliged how to handle requests from data subjects, when consult the supervisory authority, or how to interpret a legal provision related to the processing and protection of personal data. However, the <strong>DPO<\/strong> must also respect other basic standards of behaviour in the performance of his or her duties; as an employee, he or she has to protect the employer\u2019s interests, whereas the <strong><a href=\"https:\/\/dmp.hu\/en\/introduction\/\">data protection lawyer<\/a><\/strong> acting for the client within an assignment contract, he or she is obliged to protect the client&#8217;s interests, but this does not mean that the independence of the <strong>DPO<\/strong> is overruled by these rules, because according to the Article 99 of <strong>GDPR<\/strong>, the independence of the <strong>DPO<\/strong> is entirely binding and directly applicable in all member states.<\/p>\n<h2>4. The liability of the DPO, sanctions<\/h2>\n<p>On the basis of Article 24 (1) and Article 38 (3) of <strong>GDPR<\/strong>, the <strong>DPO<\/strong> has no personal responsibility for compliance with the General Data Protection Regulation (the controller and the processor are directly responsible for compliance with and monitoring of <strong>data protection <\/strong>legislation). In order to promote the independence of the <strong>DPO<\/strong>, he or she is accountable only to the top management of the controller or processor and is protected against adverse consequences (he or she van not be sanctioned or dismissed in connection with the performance of his or her duties). \u00a0Regardless of these rules, the controller and the processor have the right to terminate the employment of the <strong>DPO<\/strong>, and the possibility to apply liability rules for employees and assignees.<\/p>\n<h2>5. Obligation of confidentiality<\/h2>\n<p>According to the Article 38 of <strong>GDPR<\/strong>, <em>\u201ethe <strong>DPO<\/strong> is subject to an obligation of confidentiality or data protection secrecy in the performance of his or her duties under Union or Member State law\u201d<\/em>. The Act on the Right of Informational Self-Determination on Freedom of Information, the Labour Code, the Act on the activities of attorneys-at-law in Hungary also contain confidentiality provisions that explicitly guarantee the confidentiality of the <strong>DPO<\/strong>&#8216;s duties.<\/p>\n<h2>6. Conflict of interests<\/h2>\n<p>In general, the <strong>DPO<\/strong> may also perform other tasks in addition to those provided for in the General Data Protection Regulation, but under the Article 38 (6) of <strong>GDPR<\/strong>, the controller or processor must ensure that these tasks do not give rise to a conflict of interest. The existence of a conflict of interest must always be assessed on a case-by-case basis. However, it is a general rule, there is a conflict of interest where the <strong>DPO<\/strong> determines the purposes and means of the controller&#8217;s or processor&#8217;s (and in relation to activities carried out for their benefit) processing of personal data. For example: there is a conflict of interest in holding a senior management or departmental management position and in representing a client in court.<\/p>\n<p>We shall refer to a <a href=\"https:\/\/www.lda.bayern.de\/media\/pm\/pm2016_08.pdf\" target=\"_blank\" rel=\"noopener\">decision of the Bavarian Data Protection Commissioner<\/a> in 2016. According to this decision (under Bavarian law) the <strong>DPO<\/strong> cannot be the information technology manager of the organisation, as this would essentially mean that he would have to verify his own activities and could not perform his tasks independently. <a href=\"https:\/\/edpo.com\/news\/dpo-and-conflict-of-interest-50-000e-fine-by-the-belgian-dpa\/\">In a decision<\/a> of 28 April 2020 of the Belgian data protection authority imposed a fine of 50\u00a0000 EUR on a data controller because of a conflict of interest on the part of the <strong>DPO<\/strong> appointed by the data controller. The reason for this was that the <strong>DPO<\/strong> also held a senior position in the company&#8217;s internal <strong><a href=\"https:\/\/dmp.hu\/en\/data-protection\/#audit\">GDPR audit<\/a><\/strong>, compliance and risk assessment functions. This fact raised fundamental doubts as to the independence of the <strong>DPO<\/strong>&#8216;s activities, as he had such a degree of influence on the data processing processes that he determined the purposes and means of the processing of personal data.<\/p>\n<p><a href=\"https:\/\/curia.europa.eu\/juris\/document\/document.jsf?text=&amp;docid=270323&amp;pageIndex=0&amp;doclang=EN&amp;mode=req&amp;dir=&amp;occ=first&amp;part=1&amp;cid=3046073\" target=\"_blank\" rel=\"noopener\">In a Feb. 9 ruling<\/a> centered around Article 38 of the EU General Data Protection Regulation, the Court of Justice of the European Union (CJEU) stated DPOs should \u201cbe in a position to perform their duties and tasks in an independent manner\u201d but \u201ccannot be entrusted with tasks or duties which would result in him or her determining the objectives and methods of processing personal data on the part of the controller or its processor.\u201d The CJEU\u2019s determination followed a request for a preliminary ruling made by the Federal Labour Court of Germany, regarding proceedings between X-Fab Dresden and its former <strong>data protection officer<\/strong>.<\/p>\n<p>The former <strong>DPO<\/strong>, who had also performed the role of \u201cchair of the works council,\u201d was dismissed from the role of <strong>DPO<\/strong> in December 2017.\u00a0 X-Fab argued the former <strong>DPO<\/strong>\u2019s dismissal was justified, citing \u201ca risk of a conflict of interests\u201d in performing both functions. \u201cThe CJEU found that Article 38, which states DPOs cannot be dismissed or penalized for performing tasks, does not prevent national laws from establishing additional protections against dismissing DPOs. However, these additional protections should not \u201ccompromise the principal objectives of the <strong>GDPR<\/strong> to maintain high levels of data protection.\u201d<\/p>\n<p>The Belgian data protection authority made <a href=\"https:\/\/blog.eprivacy.eu\/?p=1318\" target=\"_blank\" rel=\"noopener\">another relevant decision in this topic<\/a>, where they imposed a fine on an unnamed bank because its internal <strong>data protection officer<\/strong> was also the head of three departments with decision-making powers over the processing of personal data.<\/p>\n<p>The <strong>DPO<\/strong> was simultaneously head of the Bank\u2019s operational risk management, information risk management department and special investigation unit, which led to a conflict of interest. The Belgian DPA argues that these activities are not purely advisory and supervisory functions. A conflict of interest is assumed whenever the <strong>DPO<\/strong> can decide on the processing of personal data himself.<\/p>\n<p>Lastly, we shall review a recent <a href=\"https:\/\/gdprhub.eu\/index.php?title=BlnBDI_(Berlin)_-_Berlin_DPO_Conflict_of_Interest\" target=\"_blank\" rel=\"noopener\">decision<\/a> made by the Berlin Commissioner for Data Protection and Freedom, which fined a retail group \u20ac525,000 for violating Article 38(6) <strong>GDPR<\/strong> due to the conflict of interest of their <strong>DPO<\/strong> who independently monitored decisions made in their capacity as an executive of the company. The <strong>DPO<\/strong> was at the same time the managing director of two service companies which processed data on behalf of the controller. These service companies were also part of the group which provided customer service and carried out orders. In carrying out their legal duties, the <strong>DPO<\/strong> had to monitor compliance with <strong>data protection <\/strong>laws by the service companies operating within the framework of the processing whilst also being responsible for making managerial decisions within it.<\/p>\n<p>Depending on the size and organisational structure of the controller or processor, the following measures may be good practices to prevent conflicts of interest for <strong>DPO<\/strong>:<\/p>\n<ul>\n<li>identify positions that are incompatible with the position of <strong>DPO<\/strong>;<\/li>\n<li>to clarify the issue, introduce explicit internal rules to avoid conflicts of interest for <strong>DPO<\/strong>;<\/li>\n<li>indicate in the declaration that the <strong>DPO<\/strong> has no conflict of interest;<\/li>\n<li>in the case of an external delegate, to ensure that the <strong>DPO<\/strong>&#8216;s recruitment file, job description, contract of engagement contain sufficiently precise and detailed checks to avoid any conflict of interest.<\/li>\n<\/ul>\n<p>Do you have a question about data protection or the position of\u00a0<strong>Data Protection Officer<\/strong>? Contact me!<\/p>\n<p><strong>dr. Mikl\u00f3s P\u00e9ter \u2013 <a href=\"https:\/\/dmp.hu\/en\/introduction\/\">GDPR lawyer <\/a><\/strong><strong>\/\u00a0<\/strong><a href=\"mailto:dmp@dmp.hu\"><strong>dmp@dmp.hu<\/strong><\/a><strong> \/\u00a0<\/strong><strong>+36306485521<\/strong><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article, we would like to present the most important parts of the status and duties of the Data Protection Officers (DPOs), mainly focusing on the DPOs participation in decisions, the provision of resources, the independence, the liability and possible sanctions, the obligation of confidentiality and finally, the conflict of interest.<\/p>\n","protected":false},"author":3,"featured_media":1016,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-1005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DPO article series: The Legal Status of the data protection officer<\/title>\n<meta name=\"description\" content=\"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DPO article series, part 4: The Legal Status of the data protection officer\" \/>\n<meta property=\"og:description\" content=\"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\" \/>\n<meta property=\"og:site_name\" content=\"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-07T11:20:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1279\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"bogi.zkdesign\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"bogi.zkdesign\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\"},\"author\":{\"name\":\"bogi.zkdesign\",\"@id\":\"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8\"},\"headline\":\"DPO article series, part 4: The Legal Status of the data protection officer\",\"datePublished\":\"2023-03-07T11:20:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\"},\"wordCount\":2004,\"image\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg\",\"articleSection\":[\"Data Protection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\",\"url\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\",\"name\":\"DPO article series: The Legal Status of the data protection officer\",\"isPartOf\":{\"@id\":\"https:\/\/dmp.hu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg\",\"datePublished\":\"2023-03-07T11:20:18+00:00\",\"author\":{\"@id\":\"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8\"},\"description\":\"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer\",\"breadcrumb\":{\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage\",\"url\":\"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg\",\"contentUrl\":\"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg\",\"width\":1279,\"height\":853,\"caption\":\"data protection officer, DPO\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dmp.hu\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DPO article series, part 4: The Legal Status of the data protection officer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dmp.hu\/#website\",\"url\":\"https:\/\/dmp.hu\/\",\"name\":\"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz\",\"description\":\"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dmp.hu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8\",\"name\":\"bogi.zkdesign\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dmp.hu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1a8251c2597313f5cc7330974e5ff6fa111547acfc6b819d5fc4ef4a58bc0a71?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1a8251c2597313f5cc7330974e5ff6fa111547acfc6b819d5fc4ef4a58bc0a71?s=96&d=mm&r=g\",\"caption\":\"bogi.zkdesign\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DPO article series: The Legal Status of the data protection officer","description":"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/","og_locale":"en_US","og_type":"article","og_title":"DPO article series, part 4: The Legal Status of the data protection officer","og_description":"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer","og_url":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/","og_site_name":"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz","article_published_time":"2023-03-07T11:20:18+00:00","og_image":[{"width":1279,"height":853,"url":"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg","type":"image\/jpeg"}],"author":"bogi.zkdesign","twitter_card":"summary_large_image","twitter_misc":{"Written by":"bogi.zkdesign","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#article","isPartOf":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/"},"author":{"name":"bogi.zkdesign","@id":"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8"},"headline":"DPO article series, part 4: The Legal Status of the data protection officer","datePublished":"2023-03-07T11:20:18+00:00","mainEntityOfPage":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/"},"wordCount":2004,"image":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage"},"thumbnailUrl":"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg","articleSection":["Data Protection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/","url":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/","name":"DPO article series: The Legal Status of the data protection officer","isPartOf":{"@id":"https:\/\/dmp.hu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage"},"image":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage"},"thumbnailUrl":"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg","datePublished":"2023-03-07T11:20:18+00:00","author":{"@id":"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8"},"description":"The most important parts of the status and duties of the Data Protection Officers (DPOs). Mikl\u00f3s P\u00e9ter - Data protection lawyer, GDPR lawyer","breadcrumb":{"@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#primaryimage","url":"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg","contentUrl":"https:\/\/dmp.hu\/wp-content\/uploads\/2023\/03\/data_protection_officer_legal_status.jpg","width":1279,"height":853,"caption":"data protection officer, DPO"},{"@type":"BreadcrumbList","@id":"https:\/\/dmp.hu\/en\/data-protection\/dpo-article-series-part-4-the-legal-status-of-the-data-protection-officer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dmp.hu\/en\/"},{"@type":"ListItem","position":2,"name":"DPO article series, part 4: The Legal Status of the data protection officer"}]},{"@type":"WebSite","@id":"https:\/\/dmp.hu\/#website","url":"https:\/\/dmp.hu\/","name":"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz","description":"dr. Mikl\u00f3s P\u00e9ter adatv\u00e9delmi jog\u00e1sz","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dmp.hu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/dmp.hu\/#\/schema\/person\/33cf28dbdf82ac3f69dd4071c6a8fca8","name":"bogi.zkdesign","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dmp.hu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1a8251c2597313f5cc7330974e5ff6fa111547acfc6b819d5fc4ef4a58bc0a71?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1a8251c2597313f5cc7330974e5ff6fa111547acfc6b819d5fc4ef4a58bc0a71?s=96&d=mm&r=g","caption":"bogi.zkdesign"}}]}},"_links":{"self":[{"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/posts\/1005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/comments?post=1005"}],"version-history":[{"count":0,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/posts\/1005\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/media\/1016"}],"wp:attachment":[{"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/media?parent=1005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/categories?post=1005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmp.hu\/en\/wp-json\/wp\/v2\/tags?post=1005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}