What is the DPO's responsibility if they advise not to report a breach to the supervisory authority? Can they face any consequences?
ANSWER
Under the GDPR itself, there are no provisions that impose liability on the Data Protection Officer (DPO) for actions related to the performance of their duties. The DPO does not bear personal responsibility for violations of the GDPR.
However, the DPO may be held liable as an employee (under the rules governing employee liability for damage caused to the employer) or, where the relationship is based on another form of cooperation, may incur civil liability for damage caused.


