The EU guidance on the responsibilities of data controllers (i.e. GP Practices) in protecting the independence of the DPO are clear. They state:
“Several safeguards exist in order to enable the DPO to act in an independent manner as stated in recital 97:
- No instructions by the controllers or the processors regarding the exercise of the DPO’s tasks
- No dismissal or penalty by the controller for the performance of the DPO’s tasks
- No conflict of interest with possible other tasks and duties.”
