„Our HR employee has taken on the responsibilities of the DPO, has attended training, and will manage it."
Are you sure about that?
Article 39 GDPR
Responsibilities of the data protection officer
(a) informing and advising the controller, the processor and the staff who process personal data of their obligations under this Regulation and other Union or Member State data protection legislation;
(b) monitoring compliance with this Regulation, other Union or Member State data protection legislation and the policies of the controller or processor in the field of personal data protection, including division of responsibilities, awareness-raising activities, training of personnel involved in processing operations and related audits;
(c) providing recommendations, upon request, regarding data protection impact assessments and monitoring their implementation in accordance with Article 35;
(d) cooperation with the supervisory authority;
(e) acting as a point of contact for the supervisory authority on matters related to processing, including the prior consultations referred to in Article 36, and, where appropriate, consulting on any other matters.
2. The Data Protection Officer shall perform his tasks with due regard to the risks of the processing operations, taking into account the nature, scope, context and purposes of the processing.
