The DPO reports to the highest relevant management level of your company. Furthermore, the DPO must be independent, which means he or she must never receive any instructions regarding the respective tasks and cannot be terminated or penalised for carrying out these duties. The DPO may not have any responsibilities that could result in a conflict of interest with the requirements of the DPO position.
The controller must ensure that the DPO is properly and timely involved in all data protection issues of the company. It is also the controller’s responsibility to provide the DPO with the necessary resources and access to personal data and processing operations.