
Tag Archives for " DPO "

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”

An estimated 500K organizations have registered DPOs across Europe

As the EU General Data Protection Regulation approaches its first birthday, hundreds of thousands of privacy professionals have jobs tied to the milestone.

New IAPP research indicates that an estimated 500,000 organizations have registered data protection officers across Europe under the GDPR.

Full article: Study: An estimated 500K organizations have registered DPOs across Europe

Forget about defining a DPO; define the data protection committee instead

Data protection professionals and organization management officers share a common question: Who should the data protection officer be? Some argue that a legal professional is most suitable for this role; some argue that an operations professional is the natural pick.

Full article: Forget about defining a DPO; define the data protection committee instead

Why DPOs should understand EU Copyright Law

DPOs are responsible for other EU data protection laws besides just the General Data Protection Regulation, including at least parts of the ePrivacy Directive. The question is: Should DPOs also be required to have knowledge of other laws?

Three scenarios where DPOs should be aware of EU copyright law have been discussed: where personal data and copyrighted materials have been intermixed and cannot easily be separated to respond to the exercise of data subject rights; where personal data is used within a database that could become protected by an organization that is not the data controller; and for obligations related to GDPR under the proposed amended revision to the Copyrights Directive.

Full article: Why DPOs should understand EU Copyright Law

CNIL Adopts Referentials on DPO Certification

On October 11, 2018, the French data protection authority (the “CNIL”) announced that it adopted two referentials (i.e., guidelines) on the certification of the data protection officer (“DPO”). Both referentials are intended to apply to DPOs located in France. They include a certification referential that sets forth the conditions regarding the admissibility of DPO applications, and lists 17 qualifications that the DPO must have in order to be certified as a DPO by a certification body approved by the CNIL; and an accreditation referential that outlines the criteria organizations must satisfy in order to be accredited by the CNIL as certification bodies.

Source: CNIL Adopts Referentials on DPO Certification

CNIL releases ‘DPO logo’ for at-a-glance recognition

In order to acknowledge the quality of the DPO designated by a data controller, the CNIL has recently released a DPO logo available for internal and external communications of DPOs whose designation has been notified to the CNIL.

Source: CNIL releases ‘DPO logo’ for at-a-glance recognition

GDPR Enforcement: Is it really about the fines?

In the lead-up to the General Data Protection Regulation, so much of the focus was on fines and regulatory audits, and while that may have been a spark that lit a fire for many privacy organizations, it is becoming increasingly clear that data subjects themselves will have an enforcement role as well, rather than the regulators acting alone.

Read full article: GDPR Enforcement: Is it really about the fines?

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage

Why should a DPO be global?

The General Data Protection Regulation introduces a general EU-wide obligation to appoint a formal data protection officer.

This role is responsible for the data protection (or privacy) management program within data controllers or data processors in order to satisfy regulators and assure that organizations remain in compliance with GDPR over time.

Source: Why should a DPO be global?
