Can an association’s board member be a DPO in the same association at the same time?
It is unacceptable to designate as DPO a person who heads (manages) an entity with the status of a controller or processor, such as, for example, a board member of an association, a school director, a mayor, or a member of a company's board of directors. Adopting a different position would lead to situations in which the DPO, in terms of compliance with data protection regulations, would evaluate and monitor himself or herself.
According to Article 38(3) of the GDPR, the DPO shall directly report to the highest management level of the controller or processor, not be a member of the entity's managing body.