Thought of the Day: Fined for appointing a Data Protection Officer?

January 22 19:38 2018

The General Data Protection Regulation will require many organisations to appoint a Data Protection Officer (DPO). But remember that there are specific requirements for who is appointed as the DPO. Violating these requirements could result in a fine at the lower level, of up to €10 million or 2% of annual global turnover.

Companies can appoint an employee of the company as an internal DPO or a professional data privacy advisor as an external DPO. The appointed DPO must have the necessary knowledge and expertise in data protection law and must be reliable as well as independent. The Article 29 Working Party has stated that the DPO should not have any conflicts of interest. For example, such a conflict could arise if the DPO is a member of the company’s internal legal counsel. Although it is important to appoint a DPO, it is just as important to choose the right person for the role.

About Article Author

GDPR Associates

1 Comment

  1. DriveStrike
    May 07, 15:31 #1 DriveStrike

    Data Protection Officers should be certified and focus their attention on data security practices that prevent breach by design. Using remote wipe and other data breach prevention measures is a great way to minimize the blast radius of a lost or stolen laptop or other computing devices.
