Navegaci贸n
RGPD > Art铆culo聽39. Funciones del delegado de protecci贸n de datos
Descargar PDF

Art铆culo聽39 RGPD. Funciones del delegado de protecci贸n de datos

Article 39 GDPR. Tasks of the data protection officer

1. El delegado de protecci贸n de datos tendr谩 como m铆nimo las siguientes funciones:

1. The data protection officer shall have at least the following tasks:

a) informar y asesorar al responsable o al encargado del tratamiento y a los empleados que se ocupen del tratamiento de las obligaciones que les incumben en virtud del presente Reglamento y de otras disposiciones de protecci贸n de datos de la Uni贸n o de los Estados miembros;

(a)聽to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

Textos enlazados

b) supervisar el cumplimiento de lo dispuesto en el presente Reglamento, de otras disposiciones de protecci贸n de datos de la Uni贸n o de los Estados miembros y de las pol铆ticas del responsable o del encargado del tratamiento en materia de protecci贸n de datos personales, incluida la asignaci贸n de responsabilidades, la concienciaci贸n y formaci贸n del personal que participa en las operaciones de tratamiento, y las auditor铆as correspondientes;

(b)聽to monitor compliance with this Regulation, with other Union or Member聽State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

ISO 27701
Textos enlazados

c) ofrecer el asesoramiento que se le solicite acerca de la evaluaci贸n de impacto relativa a la protecci贸n de datos y supervisar su aplicaci贸n de conformidad con el art铆culo聽35;

(c)聽to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article聽35;

Textos enlazados

d) cooperar con la autoridad de control;

(d)聽to cooperate with the supervisory authority;

e) actuar como punto de contacto de la autoridad de control para cuestiones relativas al tratamiento, incluida la consulta previa a que se refiere el art铆culo聽36, y realizar consultas, en su caso, sobre cualquier otro asunto.

(e)聽to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article聽36, and to consult, where appropriate, with regard to any other matter.

2. El delegado de protecci贸n de datos desempe帽ar谩 sus funciones prestando la debida atenci贸n a los riesgos asociados a las operaciones de tratamiento, teniendo en cuenta la naturaleza, el alcance, el contexto y fines del tratamiento.

2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

Textos enlazados
Comentario de expertos ISO 27701 Ley de Directrices y caso Deja un comentario
Comentario de expertos

(EN) Article 39 lists the main (but not all) tasks that fall under the remit of the Data Protection Officer (DPO). Among them, there are three main functions (although DPO competences are not necessarily limited to them):

  1. Consulting (39.1a, c),
  2. Control / monitoring (39.1b),
  3. Relationship with the supervising authorities (39.1d, e).

1. The consulting function means that the DPO provides information and explanations about the GDPR and its compliance to the controller and processor as well as to the employees of the controller and processor who are involved in the processing of personal data. In particular the role of DPO is important in the context of Data Protection Impact Assessment (DPIA), because DPO advises and monitors its implementation according to Article 35 of the GDPR. WP29 recommends that the controller seeks the advice of the DPO, e.g. on the following issues:

  • whether or not to conduct a DPIA


para acceder al texto completo

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27002, section 6.1.1.

Here is the relevant paragraph to article 39 GDPR:

6.3.1.1 Information security roles and responsibilities

Implementation guidance

The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).


para acceder al texto completo

Ley de Directrices y caso Deja un comentario
[js-disqus]