The controller is responsible for performing the DPIA. However, after executing it, it is necessary to have the opinion of the DPO – in charge of Data Protection, so that it can give its opinion, favorable or not for the continuity of processing.
Article 35 of GDPR
2.The controller shall seek the advice of the data protection officer, where designated, when carrying out a data protection impact assessment.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit