European Union: Adopted EDPB Second Coordinated Enforcement Action 2023 on Role of DPOs

On 16 January 2024, the European Data Protection Board adopted its second Coordinated Enforcement Action for the year 2023. The action aimed at examining whether Data Protection Officers (DPOs) in relevant organisations have the necessary influence and resources to fulfil their functions, as required by Articles 37 to 39 of the EU General Data Protection Regulation (GDPR). The EDPB found that the majority of DPOs have the necessary skills and knowledge to conduct their work, that they are trained regularly, that their tasks are clearly defined and that they work independently. Further, when it comes to the consultation of DPOs, the EDPB found that the DPOs are mostly consulted and provided with sufficient information to conduct their work as well as that their recommendations are mostly followed. However, the EDPB also found that some DPOs face certain challenges when it comes to their knowledge and resources, independence and designation as DPOs. To address these challenges, the EDPB gave some recommendations in the report to strengthen the independence of DPOs and provide them with the necessary resources to conduct their work.