In the last audit of the performance of the DPO function in enterprises, this issue was also checkd by asking the following questions of the UODO to entrepreneurs: – What is the position of the DPO and who does he report to in the organizational structure of the administrator? – Does the DPO report to persons other than the administrator’s top management in the performance of other tasks.

In the field of security and information

The controller and the processor shall ensure that the data protection officer does not receive instructions on how to perform these tasks. He is not dismissd or penalizd by the controller or processor for fulfilling his tasks. The data database protection officer reports directly to the top management of the controller or processor. The answers given by the surveyd Provincials in Norway show that: More than half report to directors, 26% report to another member of the company’s management, On the other hand, as many as 5% do not know who they report to or have no one to report to, and 3% report to lower level management.

Control of compliance with the requirements

As the Norwegian authority itself notes – this is not in line with the requirements of the GDPR. Because the company’s senior  management Consumer Lead has the final and formal responsibility to ensure compliance with the GDPR. It is therefore important that they are presentd with the DPO’s recommendations so that they can consider these recommendations and compare them with other aspects. The responses show that most DPOs report to executive management, which indicates that top management is often informd about the DPO’s work.