Can a DPO Also Be Responsible for Implementation

A DPO can advise on implementation but should not be responsible for decisions or delivery that create conflicts of interest.

Why this matters

GDPR requires DPO independence. Conflicts undermine credibility with regulators.

Acceptable involvement

Providing guidance
Reviewing plans
Challenging decisions

Unacceptable conflicts

Owning systems or processes
Signing off their own work
Reporting into operational delivery

How organisations manage this well

Clear role separation and documented governance.