Questions about the data protection officer

The data protection officer has a monitoring, advisory and informative role. This means that if the data protection officer believes personal data is being incorrectly processed and/or handled in a manner that violates the applicable privacy regulations, this will be brought to the attention of the Executive Board. It is then up to the controller to take action. If the Executive Board does not support the data protection officer's position, this must be substantiated and – in consultation with the data protection officer – the decision may be made to consult the Dutch Data Protection Authority. It is ultimately up to a judge to determine whether or not a particular activity violates privacy regulations.

To effectively perform the relevant monitoring duties, the data protection officer has the right to obtain information and visit the various locations at the AUAS. The AUAS is required to provide this information which is necessary for the performance of such duties. The information that the data protection officer receives will be treated as confidential.

The data protection officer is involved at an early stage in all matters relating to the protection of personal data. This gives the data protection officer the opportunity to advise on personal data protection and to assess whether the intended activities are in compliance with the GDPR. The data protection officer will be notified of any data breaches or major security incidents. This information helps the data protection officer to gain insight into the nature and level of the organisation's security, and may give cause for the data protection officer to issue advice in this area.