(1) The controller must ensure that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data.
(2) The controller must provide the data protection officer with the necessary resources and access to personal data and processing operations to enable the data protection officer to -
(a) perform the tasks mentioned in section 71, and
(b) maintain his or her expert knowledge of data protection law and practice.
(3) The controller -
(a) must ensure that the data protection officer does not receive any instructions regarding the performance of the tasks mentioned in section 71;
(b) must ensure that the data protection officer does not perform a task or fulfil a duty other than those mentioned in this Part where such task or duty would result in a conflict of interests;
(c) must not dismiss or penalise the data protection officer for performing the tasks mentioned in section 71.
(4) A data subject may contact the dat
…