What should practices do and not do to protect the independent role of their DPO?

The EU guidance on the responsibilities of data controllers (i.e. GP Practices) in protecting the independence of the DPO is clear. It states:

“Several safeguards exist in order to enable the DPO to act in an independent manner as stated in recital 97:

  • No instructions by the controllers or the processors regarding the exercise of the DPO’s tasks
  • No dismissal or penalty by the controller for the performance of the DPO’s tasks
  • No conflict of interest with possible other tasks and duties.”