The FabLab Group (established by WP29) drew up the summary document that will lead to issue best practices and guidelines about: the role of the DPO, Data Portability, DPIA and criteria on the Privacy Certification. As for the DPO, as you may have already had occasion to read, I am among those who support the thesis that this is eminently a warranty role, therefore not an operational one, different from the Privacy Officer. For that reason I find it interesting this proposition about the duties of the Data Controller in front of the DPO: “Authorize the DPO to be included and have a real involvement in all protection activities“. So, if we were talking about an operative role, which enforces policy in the company (a privacy officer or compliance manager), would you need a mandate from top management to engage him in privacy activities? Of course not. So it follows that we are talking about a warranty role; or not?!