Article 38 of the General Data Protection Regulation (GDPR) deals with the position of the Data Protection Officer (DPO). All public authorities and bodies including Government Departments are required to designate a DPO. My Department has assigned the DPO role to a senior manager at Principal level and has also assigned considerable staff resources to support the DPO.
As Deputy is aware, Article 38 (6) provides:
"The data protection officer may fulfil other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests for the DPO."
The DPO does not have tasks or duties that result in a conflict of interests. Further, my Department does not interfere in any way with the DPO's independent functions, nor does it instruct the DPO in the exercise of DPO responsibilities.