Responsibilities and rights of the Data Protection Officer

Since the GDPR entered into force on 25 May 2018 the University of Vienna has a legally required Data Protection Officer (DPO).

They have to be involved in all issues regarding the protection of personal data in a duly and timely manner.

The University of Vienna has to support the Data Protection Officer in fulfilling their tasks and provide them with the necessary resources and access to personal data and processing activities. In addition, the University of Vienna has to make sure it provides all the necessary resources they need to preserve their subject-specific knowledge.

The Data Protection Officer does not act under instructions on how to fulfil their tasks.

Moreover, the University of Vienna may not dismiss the Data Protection Officer on the basis of this function or discriminate against them. However, this does not constitute a general protection against dismissal. They have to report directly to the highest management level.

The Data Protection Officer has the following responsibilities:

  • Informing and counselling the University of Vienna and its staff regarding their obligations according to the data protection regulation.
  • Monitoring and checking compliance with the data protection regulation and strategies aimed at protecting personal data. This includes assigning responsibilities to staff members, raising awareness and staff training.
  • Consultancy – available on request – for data protection impact assessments and monitoring their implementation of these assessments.
  • Cooperating with the supervisory authority and acting as a contact person for it.


You can find more information about the EU General Data Protection Regulation (GDPR) on the intranet of the University of Vienna.