Free tools and resources for Data Protection Officers!

Tag Archives for " DPO "

Why DPOs should understand EU Copyright Law

DPOs are responsible for other EU data protection laws besides just the General Data Protection Regulation, including at least parts of the ePrivacy Directive. The question is: Should DPOs also be required to have knowledge of other laws?

Three scenarios where DPOs should be aware of EU copyright law have been discussed: where personal data and copyrighted materials have been intermixed and cannot easily be separated to respond to the exercise of data subject rights, where personal data is used within a database that could become protected by an organization who is not the data controller, and for obligations related to GDPR under the proposed amended revision to the Copyrights Directive.

Full article: Why DPOs should understand EU Copyright Law

CNIL Adopts Referentials on DPO Certification

On October 11, 2018, the French data protection authority (the “CNIL”) announced that it adopted two referentials (i.e., guidelines) on the certification of the data protection officer (“DPO”). Both referentials are intended to apply to DPOs located in France. They include a certification referential that sets forth the conditions regarding the admissibility of DPO applications, and lists 17 qualifications that the DPO must have in order to be certified as a DPO by a certification body approved by the CNIL; and an accreditation referential that outlines the criteria organizations must satisfy in order to be accredited by the CNIL as certification bodies.

Source: CNIL Adopts Referentials on DPO Certification

GDPR Enforcement: Is it really about the fines?

In the lead up to the General Data Protection Regulation, so much of the focus was on fines and regulatory audits, and while that may have been a spark that lit a fire for many privacy organizations, it is becoming increasingly clear that data subjects themselves will have an enforcement role as well, rather than the regulators acting alone.

Read full article: GDPR Enforcement: Is it really about the fines?

DPO liability and potential insurance coverage

Could data protection officers (DPOs) conceivably be exposed to staggering personal liability for data protection violations by their employers or clients? What are the risks of liability for both internal and external DPOs and what options might be available to them to mitigate or insure against that risk?

Read article: DPO liability and potential insurance coverage

Why should a DPO be global?

The General Data Protection Regulation introduces a general EU-wide obligation to appoint a formal data protection officer.

This role is responsible for the data protection (or privacy) management program within data controllers or data processors in order to satisfy regulators and assure that organizations remain in compliance with GDPR over time.

Source: Why should a DPO be global?

DPO Confessional: Think globally, but direct market locally

Applying the consent basis to data processing has territorial implications. Unfortunately, the EU’s General Data Protection Regulation contains some ambiguity regarding the proper basis to choose for the purposes of direct marketing - the two leading options seem to be legitimate interest or consent. One must look not only to the law but also to custom and practice in each region of interest.

Source: DPO Confessional: Think globally, but direct market locally

A little help with DPO contracts

With the EU General Data Protection Regulation nearly upon us, we at the IAPP have been getting an onslaught of calls and emails from members asking for compliance help.

As the manager of our online Resource Center, I am on the receiving end of the bulk of those questions. Of late, one of the more frequent requests is for a sample data protection officer contract for organizations that need a DPO under the GDPR and plan to outsource the job.

Source: A little help with DPO contracts

GDPR Pushes Up Demand For Data Privacy Officers

New numbers out Wednesday on the cost for companies to implement the European Union’s General Data Protection Requirements (GDPR) compliance vary widely, depending on the industry and the number of employees.

While 80% of companies with between 1 and 9 employees expect compliance to cost their business under $50,000, 92% of those working at an enterprise of more than 1,000 employees expect GDPR compliance to cost their business more than $50,000.

Source: GDPR Pushes Up Demand For Data Privacy Officers 04/12/2018
