In performing his or her tasks and duties, the DPO:
(a)
shall have access at all times to the data forming the subject-matter of processing operations and to all offices, data-processing installations and data carriers;
(b)
may request legal opinions from the Council Legal Service;
(c)
may request other support from the relevant of the GSC directorates-general and services;
(d)
may assign files to the GSC directorates-general and services concerned for appropriate follow-up;
(e)
may perform investigations on request, or on his or her own initiative, into matters and occurrences directly relating to the DPO tasks in accordance with the procedure set out in Article 14;
(f)
may propose administrative measures to the Secretary-General of the Council and issue general recommendations on the appropriate application of Regulation (EU) 2018/1725;
(g)
may make recommendations for the practical improvement of the application of Regulation (EU) 2018/1725 to the GSC, the delegated controllers and operational controllers, including:
(i)
calling upon the delegated controller or the processor to comply with a data subject’s request for the exercise of his or her rights pursuant to Regulation (EU) 2018/1725;
(ii)
issuing warnings to the delegated controller or the processor where a processing operation infringes provisions of Regulation (EU) 2018/1725, and calling upon them to bring processing operations into compliance, where appropriate, in a specified manner and within a specified period;
(iii)
calling upon the delegated controller or the processor to suspend data flows to a recipient in a Member State, to a third country or to an international organisation;
(iv)
requesting the delegated controller or the processor to report within a set deadline to the DPO on the follow-up given to the DPO’s recommendation or advice;
(h)
may request the services of external information and communication technologies experts upon prior agreement of the authorising officer in compliance with Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council ( 9 ) ;
(i)
shall be invited to the relevant management boards and committees of the GSC whenever issues relating to the processing of personal data are discussed and may propose relevant points on the agenda of those boards and committees;
(j)
may bring to the attention of the Appointing Authority of the GSC any failure of a GSC staff member to comply with the obligations under Regulation (EU) 2018/1725 and suggest that an administrative investigation be launched with a view to the possible application of the sanctions provided for in Article 69 of that Regulation;
(k)
shall be responsible for initial decisions on requests for access to documents held by his or her office under Regulation (EC) No 1049/2001, in consultation with the relevant services of the GSC.