In simple terms, the DPO oversees GDPR compliance, independently, and acts as an intermediary between the organisation, data subjects, and the supervisory authority, ICO.
The minimum tasks of a DPO are defined as:
- To educate the organisation and its employees regarding their data protection obligations and the rights of individuals.
- To monitor compliance with the GDPR.
- To act as the first point of contact for supervisory authorities and individuals whose personal data is processed (e.g. staff, students, parents, carers).