Article 23
Data protection officer
The controller must grant the data protection officer:
- a. access to the required resources;
- b. access to all information, documents, records of processing activities and personal data that the officer requires to fulfil his or her tasks;
- c. the right to notify the highest management or governing body in important cases.