CEDPO has issued guidance for organisations invited to complete a Data Protection Officer (DPO) questionnaire by their respective Data Protection Authority. This questionnaire is a part of the European Data Protection Board’s (EDPB) 2023 activities under the Coordinated Enforcement Framework (CEF). The focus is to gain a better understanding of the role and position of DPOs within these organisations, a task the EDPB commenced on March 15, 2023. Upon collecting the responses, the EDPB intends to aggregate them into a comprehensive report. CEDPO hopes the results will help clarify the role of the DPO, the resources they should have, and the governance structure that organisations should have in place. Nevertheless, CEDPO expressed concerns about potential inconsistencies that might arise in the aggregated results due to the varying methodologies employed by different Supervisory Authorities.
To assist organisations in diligently completing the questionnaire, CEDPO’s guidance emphasizes the necessity for a collaborative effort between the DPO and the organisation. Furthermore, it underscores the importance of maintaining records that corroborate the responses and encourage a truthful and accurate completion of the questionnaire. The guidance also draws attention to the need for careful consideration of key questions regarding the DPO’s tasks, resources, additional roles, and their involvement in data protection issues. CEDPO aims to encourage organisations to perceive the questionnaire as a valuable opportunity for self-assessment and improvement of their own data protection practices.
You can download the paper here.