A data controller appoints a data protection officer. Which of the following conditions would NOT result in an infringement of Articles 37 to 39 of the GDPR?
A data controller appoints a data protection officer. Which of the following conditions would NOT result in an infringement of Articles 37 to 39 of the GDPR?
According to the GDPR, the data protection officer (DPO) must not be subject to a conflict of interest or receive instructions related to the exercise of their tasks. However, there is no specific requirement for the DPO to have an ISO 27001 auditor certification. Therefore, lacking such a certification would NOT result in an infringement of Articles 37 to 39 of the GDPR.
answer should be A, lol.
Independence