Facilities and powers of the data protection officer
Conflict of interests
The data protection officer may perform his/her duties in parallel with other tasks, but they must not cause conflicts of interest.
This means that the data protection officer cannot be in a position where he decides the purpose and method of processing personal data. This must be considered in each case, taking into account the specificity and organisational structure of each institution/entity.
Here, too, it is especially important to note that when deciding how certain processing should be conducted, the responsibility cannot be placed on the data protection officer, although this may be tempting – as he would then be making decisions about the processing of personal data, which in turn would cause conflicts of interest.
As a general rule, conflicts of interest can occur if a data protection officer is a middle manager in an organisation (such as managing director, chief operating officer, finance officer, marketing officer, human resources officer, technical officer, etc.).
However, this may also apply to other lower-ranking employees whose work involves the decision-making on the purpose and method of processing personal data.
In addition, conflicts of interest can occur if an external data protection officer is asked to represent an organisation in court in a case concerning the processing of personal data by the person concerned.
A list of processing activities can help to assess whether there is a potential conflict of interest in decision making.
The independence of the data protection officer does not mean that he has discretion beyond the tasks assigned to him.
