Data protection is not a one-time or short-term issue. It is an ongoing process that must be constantly adapted and, if necessary, redesigned due to changes in the law, technical innovations or changing business areas. Accordingly, monitoring compliance with data protection requirements is an important, but at the same time one of the most complex tasks of the data protection officer.
No general statement can be made as to what such monitoring may look like. As with the determination of the workload of the data protection officer, the factors of company size and the field of activity of the company are decisive. At the same time, however, the subjective factor of the corporate culture is a decisive one here, since this can have a strong influence on the daily work processes.