In light of recent regulator action regarding Data Protection Officer (DPO) independence, this article considers the ethical and practical considerations surrounding the appointment of a DPO.
The fines and regulatory risk
On April 28, 2020, the Belgian Data Protection Authority (DPA) issued a €50,000 fine to an organization for appointing the head of compliance, audit and risk management as DPO. The Belgian DPA argued that combining these two roles creates a conflict of interest and violates Article 38(6) of the GDPR.
This decision is in line with earlier holdings where the Belgian DPA stated that DPOs cannot delete the personal information of a data subject themselves. All decisions regarding the data processing must be taken by the data controller with the advice of the DPO. The DPO’s role is to inform, advise, monitor compliance, and ..
Support the originator by clicking the read the rest link below.
