The Data Protection Officer is appointed by the Data Controller and undertakes the following functions namely:
- ensuring that the data controller processes personal data in compliance with the data protection standards and in compliance with this Act and good practice;
- consulting with the Commissioner to resolve any doubt about how the provisions of this Act and any regulations made under this Act are to be applied;
- ensuring that any contravention of the data protection standards or any provisions of this Act by the data controller is dealt with in accordance with the Act;
- assisting data subjects in the exercise of their rights under this Act, in relation to the data controller concerned.
In addition to the above the Act specifies that a person shall not be qualified to be appointed under the Act if there is or is likely to be any conflict of interest between that person’s duties as a data protection officer and any other duties of that person.
Given the above, the Act does not specify that the Data Protection Officer is to have any special skill or qualifications other than being competent to undertake the functions above and have no conflict of interest.