What are the tasks of the data protection officer?
Data Protection Officers are responsible for the following tasks in the Provincial Capital of Innsbruck according to Art 39 of the General Data Protection Regulation (GDPR):
- Informing and advising the controller or processor and the employees who carry out processing operations regarding their obligations under this Regulation and other Union or Member State data protection regulations;
- Monitoring compliance with this Regulation, other Union or Member State data protection legislation, and the controller's or processor's personal data protection policies, including the allocation of responsibilities, awareness-raising and training of staff involved in processing operations, and reviews in this regard;
- Advice - upon request - in connection with the data protection impact assessment and monitoring of its implementation in accordance with Art 35;
- Cooperation with the supervisory authority;
- Acting as a point of contact for the supervisory authority on issues related to the processing, including prior consultation pursuant to Art 36, and advising on any other issues, as appropriate.
In performing his or her duties, the Data Protection Officer shall take due account of the risk inherent in the processing operations, taking into account the nature, scope, circumstances and purposes of the processing.
Other areas of work of the data protection officer?
- The data protection officer and the persons working for him or her are obligated to maintain confidentiality in the performance of their duties, without prejudice to other duties of confidentiality. This applies in particular to the identity of data subjects who have contacted the data protection officer and to circumstances that allow conclusions to be drawn about these persons, unless the data subject has expressly released the data protection officer from the obligation to maintain confidentiality. The data protection officer and the persons working for him or her may use the information made available exclusively for the fulfillment of their tasks and are also obliged to maintain confidentiality after the end of their activities.
- If, in the course of his or her activities, a data protection officer becomes aware of data for which a person employed by a body subject to the data protection officer's control has a statutory right to refuse to testify, the data protection officer and the persons working for him or her shall also be entitled to this right insofar as the person entitled to the statutory right to refuse to testify has made use of it. To the extent of the data protection officer's right to refuse to testify, his or her files and other documents are subject to a ban on seizure and confiscation.
- The data protection commissioner in the public sector (established in forms of public law, in particular also as a body of a territorial authority) shall be free from instructions with regard to the performance of his/her duties. The supreme body has the right to obtain information from the data protection commissioner in the public sector about the objects of management. The data protection officer shall comply with this only to the extent that this does not conflict with the independence of the data protection officer within the meaning of Article 38 (3) of the GDPR.
- Within the sphere of activity of each federal ministry, one or more data protection officers shall be provided for, taking into account the type and scope of data processing and depending on the institution of the federal ministry. These must belong to the respective federal ministry or the respective subordinate department or other institution.
- The data protection officers in the public sector pursuant to subsection 4 shall maintain a regular exchange of experience, in particular with a view to ensuring a uniform standard of data protection.