[sofixa]

That's why GDPR includes personal liability for DPOs(Data Protection Officers) and chief executives, and requires the company have a DPO with no conflict of interest ( e.g. working under the CEO with bonuses based on stock price).

[DharmaPolice]

I think the idea of "no conflict of interest" for an employee of a company is a bit silly. No internal conflict of interests sure, but everyone on payroll has a vested interest in the continued financial health of the organisation.