Every significant data fiduciary shall appoint a data protection officer possessing such qualification and experience as may be specified by regulations for carrying out the following functions—
- providing information and advice to the data fiduciary on matters relating to fulfilling its obligations under this Act;
- monitoring personal data processing activities of the data fiduciary to ensure that such processing does not violate the provisions of this Act;
- providing advice to the data fiduciary on carrying out the data protection impact assessments, and carry out its review under sub-section (4) of section 27;
- providing advice to the data fiduciary on the development of internal mechanisms to satisfy the principles specified under section 22;
- providing assistance to and co-operating with the Authority on matters of compliance of the data fiduciary with the provisions under this Act;
- act as the point of contact for the data principal for the purpose of grievances redressal under section 32; and
- maintaining an inventory of records to be maintained by the data fiduciary under section 28.