Directors, IT administrators, personnel managers and other managers with responsibilities regarding the data processing, are not generally permitted to hold the position of the data protection officer.
Each controller processing personal data may be required to appoint a data protection officer. The controller shall be free to choose whether an internal or external data protection officer is to be employed, Art. 37 (6) GDPR (valid as of 25 May 2018). If an internal data protection officer is designated, we believe that he or she shall fulfill the following requirements:
Sufficient knowledge of IT systems and data processing procedures.
Thorough and impeccable coworker in relation to superiors and colleagues.
Autonomous and independent pursuit of his activity.
Just attitude, fairness and loyalty to the enterprise belong to it.
Legal Knowledge of Data Protection
Good knowledge of national data protection law, European directives and regulations.
Assertiveness, self-assurance and ability to counter-balance are absolutely necessary.
Willingness to learn
Willingness to engage in further training.
Diligence, accuracy, and sense of duty should be his strengths.