Categories
Life with GDPR

DPO Update

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss the Data Protection Officer (DPO) role in light of GDPR – an important requirement outlined in Article 37. They discuss how the European Court of Justice views the role, how Germany had a DPO system in place before GDPR, and that DPOs should be supported by their employer and protected against any potential conflicts of interest. They touch on the shortage of suitable DPOs due to the price and resource requirements of the role, as well as the example of a data protection authority showing up to an organization and finding a person who had been recently trained. Tune in to discover more key insights about the role of the DPO as you stay knowledgeable on GDPR compliance with Life with GDPR.

Key Takeaways:

European Court of Justice and the GDPR System [00:05:46]

DPO Roles and Responsibilities [00:10:50]

Data Protection Authority Visit to an Organization [00:15:26]

Notable Quotes:

  1. “The Role of a DPO, in simple terms, is to sort of act as a sort of police officer to police the organization’s handling of data.”
  2. “If you look at GDPR article 37 5, it says that a data protection officer must be designated on the basis of professional qualities. In particular, expert knowledge of data protection law and practices, and there’s a number of duties in Article 39 they have to be able to perform.”
  3. “Regulators will expect to see competency. And it’s probably easier for a regulator to judge competency than it is to judge conflict of interest.”
  4. “I think it is definitely worthwhile putting resources in training and also currency.”

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Connect with Tom Fox

Connect with Jonathan Armstrong

Categories
Life with GDPR

Requirements for the DPO

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider recent decision by the Belgian Data Protection Authority which imposed a fine of €50,000 ($54,203) on an un-named organization for non-compliance with the GDPR conflict of interest requirement; in the selection of its Data Protection Officer.  Some of the highlights are:

  1. What were the issues and interests involved in this case?
  2. What are the requirements for a DPO under GDPR?
  3. How and why was the company ‘seriously negligent’?
  4. What are the implications going forward?
  5. What is this decision’s precedential value?
  6. How much expertise, authority and autonomy must a DPO have going forward?

Check out the Cordery Compliance, client alert on this case, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.