A confluence of comprehensive data protection regulations, massive data breaches, and corresponding consumer awareness of digital privacy issues means privacy is no longer a niche issue, bent on mere compliance. Obligations to design privacy into products and services from the beginning, to stave off curious regulators, an outraged media, and untrusting consumers, mean that companies are putting more stock in data protection.
The role of the Data Protection Officer (DPO) and the requirements it needs to meet have now been partially clarified by the Italian privacy authority.
GDPR was supposed to establish what sort of data sites can collect without asking for an opt-in. However, a part of GDPR that’s still being drafted – called the ePrivacy Regulations – requires an opt-in for any data that is collected. This stance contradicts the more permissive parts of the GDPR, and it’s creating consternation among publishers, who argue that those with the largest audiences will have an easier time collecting opt-ins than smaller companies. This situation will allow power to accrue to only a handful of powerful players with large audiences.
People who currently serve as chief privacy officers for businesses operating in the EU may not necessarily be able to perform the role of data protection officer for those companies under the General Data Protection Regulation (GDPR).
As the titular head of the data protection and privacy program, the DPO may be interpreted as the final decision maker surrounding the use of personal data, and in some jurisdictions that role can come with personal civil and criminal liability. In this white paper overview, IAPP Legal Extern Carissa Hanratty, CIPP/US, explores some of the jurisdictions in which personal liability exists, with an appendix linking to the various legal texts.
Source: The legal risks for the DPO
Is an £80k salary really enough for the combination of skills and responsibilities required for the role?
France’s data protection authority, the CNIL, has produced a helpful six-step methodology for organizations preparing to comply with the EU’s General Data Protection Regulation. At the top of the list is appointing a DPO. Check.
Applying a customer identity and access management platform to your organisation could better prepare your business for GDPR.
20 July 2017: The Spanish data protection authority announced, on 13 July 2017, that it had instituted a data protection officer certification scheme (‘the Scheme’) in collaboration with the National Accreditation Entity in light of the General Data Protection Regulation (GDPR).
Everyone’s an “expert” these days and all products solve the problem of GDPR, or at least that’s what we’re being told.