With the entering into force of the GDPR in May 2018 the DPO ( Data Protection Officer) will be exposed in a prominent position in the 27 EU member States for the first time. For many companies in the EU the DPO will only by then assume an important role as part of (data protection) company compliance due to GDPR, and: in numbers : much more DPO will be designated compared to today.
DPO’s activities will increase , but DPO’s liability though increased will never assume the importance which lays on the controller ( and the processor) under GDPR provisions.
According to Art.39,1, b DPO will however observe increasingly how to limit, detail his/her scope of intervention ( as an external DPO), in order to avoid pitfalls and claiming his/her liability. A criminal sanction however may only occur in very exceptional circumstances.