항해
GDPR > 제39조. 데이터보호담당관의 업무
다운로드 PDF

제39조 GDPR. 데이터보호담당관의 업무

Article 39 GDPR. Tasks of the data protection officer

1. 데이터보호담당관은 최소한 다음 각 호의 업무를 수행하여야 한다.

1. The data protection officer shall have at least the following tasks:

(a) 컨트롤러 또는 프로세서, 그리고 처리를 수행하는 직원에게 본 규정과 유럽연합 또는 회원국의 개인정보 보호 규정에 따른 의무에 대해 고지 및 권고

(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

관련 교과서

(b) 책임 할당, 인식 제고, 처리 작업에 관련된 직원 교육 및 관련 감사 등 본 규정, 기타 유럽연합 또는 회원국의 개인정보 보호 규정, 개인정보 보호와 관련한 컨트롤러 또는 프로세서의 정책이 준수되는지 모니터링

(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

ISO 27701
관련 교과서

(c) 요청이 있을 경우, 제35조에 따라 개인정보보호 영향평가에 관한 자문 제공 및 평가의 이행을 모니터링

(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;

관련 교과서

(d) 감독기관과 협력

(d) to cooperate with the supervisory authority;

(e) 제36조에 규정된 사전 자문 등, 처리에 관련한 현안에 대해 감독기관의 연락처의 역할 수행 및 적절한 경우, 기타 사안에 대한 자문 제공

(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.

2. 데이터보호담당관은 업무를 수행할 때 처리의 성격과 범위, 상황, 목적을 참작하여 처리 작업과 연계된 위험을 충분히 고려해야 한다.

2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

관련 교과서
전문가 해설 ISO 27701 지침 및 사례 법률 코멘트를 남겨주세요
전문가 해설

(EN) Article 39 lists the main (but not all) tasks that fall under the remit of the Data Protection Officer (DPO). Among them, there are three main functions (although DPO competences are not necessarily limited to them):

  1. Consulting (39.1a, c),
  2. Control / monitoring (39.1b),
  3. Relationship with the supervising authorities (39.1d, e).

1. The consulting function means that the DPO provides information and explanations about the GDPR and its compliance to the controller and processor as well as to the employees of the controller and processor who are involved in the processing of personal data. In particular the role of DPO is important in the context of Data Protection Impact Assessment (DPIA), because DPO advises and monitors its implementation according to Article 35 of the GDPR. WP29 recommends that the controller seeks the advice of the DPO, e.g. on the following issues:

  • whether or not to conduct a DPIA


전체 텍스트에 액세스하려면

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added a requirement additional to ISO/IEC 27002, section 6.1.1.

Here is the relevant paragraph to article 39 GDPR:

6.3.1.1 Information security roles and responsibilities

Implementation guidance

The organization should designate a point of contact for use by the customer regarding the processing of PII. When the organization is a PII controller, designate a point of contact for PII principals regarding the processing of their PII (see 7.3.2).


전체 텍스트에 액세스하려면

지침 및 사례 법률 코멘트를 남겨주세요
[js-disqus]