Article 38 - Position of the data protection officer

Article 38 defines the position of the data protection officer, requiring the appointment of a qualified individual who operates independently, reports directly to senior management, and is tasked with monitoring compliance, advising on data-protection impact assessments, and serving as the liaison with supervisory authorities.