IT and the DPO should work together, with IT providing facts and the DPO advising on GDPR implications.

Why this matters

Poor coordination and inadequate evidence capture result in flawed decisions.

Effective collaboration

• IT supplies technical facts quickly
• DPO assesses risk and notifiability
• Decisions are documented jointly
  
  

What good looks like

• Clear escalation paths
• Agreed upon and well understood definition of roles
  
  

Evidence of coordination

• Incident records showing IT and DPO input