Tag Archives for "DPO"

Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Following its investigation of a personal data breach, the Belgian Data Protection Authority (DPA) issued a ruling on April 28, 2020, imposing a €50,000 fine on an organization for negligence in having appointed the company’s head of compliance, risk and audit as its data protection officer (DPO).

Notably, the DPA highlighted that the organization had not implemented a policy defining the DPO’s role until at least July 2019. Although such a policy had been prepared, the DPA indicated that such preparation alone was not enough to demonstrate the DPO’s independence.

Source: Belgian Authority Raises Red Flag for DPOs with Multiple Roles

Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements

On April 28, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the General Data Protection Regulation related to the appointment of a data protection officer.

In its decision, the Litigation Chamber of the Belgian DPA upheld the alleged infringement of the GDPR’s DPO requirements (in particular Article 38(6) of the GDPR), arguing that by appointing the Head of the Compliance, Risk Management and Audit department as DPO, the company had failed to comply with its obligation to ensure that its DPO is free from any conflict of interest.

Source: Belgian DPA Sanctions Company for Non-Compliance with the GDPR’s DPO Requirements | Privacy & Information Security Law Blog

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”

An estimated 500K organizations have registered DPOs across Europe

As the EU General Data Protection Regulation approaches its first birthday, hundreds of thousands of privacy professionals have jobs tied to the milestone.

New IAPP research indicates that an estimated 500,000 organizations have registered data protection officers across Europe under the GDPR.

Full article: Study: An estimated 500K organizations have registered DPOs across Europe

Forget about defining a DPO; define the data protection committee instead

Data protection professionals and organization management officers share a common question: Who should the data protection officer be? Some argue that a legal professional is most suitable for this role; some argue that an operations professional is the natural pick.

Full article: Forget about defining a DPO; define the data protection committee instead

Why DPOs should understand EU Copyright Law

DPOs are responsible for other EU data protection laws besides just the General Data Protection Regulation, including at least parts of the ePrivacy Directive. The question is: Should DPOs also be required to have knowledge of other laws?

Three scenarios where DPOs should be aware of EU copyright law have been discussed: where personal data and copyrighted materials have been intermixed and cannot easily be separated to respond to the exercise of data subject rights, where personal data is used within a database that could become protected by an organization who is not the data controller, and for obligations related to GDPR under the proposed amended revision to the Copyrights Directive.

Full article: Why DPOs should understand EU Copyright Law

CNIL Adopts Referentials on DPO Certification

On October 11, 2018, the French data protection authority (the “CNIL”) announced that it adopted two referentials (i.e., guidelines) on the certification of the data protection officer (“DPO”). Both referentials are intended to apply to DPOs located in France. They include a certification referential that sets forth the conditions regarding the admissibility of DPO applications, and lists 17 qualifications that the DPO must have in order to be certified as a DPO by a certification body approved by the CNIL; and an accreditation referential that outlines the criteria organizations must satisfy in order to be accredited by the CNIL as certification bodies.

Source: CNIL Adopts Referentials on DPO Certification

CNIL releases ‘DPO logo’ for at-a-glance recognition

In order to acknowledge the quality of the DPO designated by a data controller, the CNIL has recently released a DPO logo available for internal and external communications of DPOs whose designation has been notified to the CNIL.

Source: CNIL releases ‘DPO logo’ for at-a-glance recognition

GDPR Enforcement: Is it really about the fines?

In the lead up to the General Data Protection Regulation, so much of the focus was on fines and regulatory audits, and while that may have been a spark that lit a fire for many privacy organizations, it is becoming increasingly clear that data subjects themselves will have an enforcement role as well, rather than the regulators acting alone.

Read full article: GDPR Enforcement: Is it really about the fines?
