Thought of the Day: Fined for appointing a Data Protection Officer?

by GDPR Associates | 22nd January 2018 7:38 pm

The General Data Protection Regulation will require many organisations to appoint a Data Protection Officer (DPO). Remember, however, that there are specific requirements for who may be appointed as the DPO. Violating these requirements could result in a fine at the lower level, of up to €10 million or 2% of annual global turnover.

Companies can appoint an employee of the company as an internal DPO or a professional data privacy advisor as an external DPO. The appointed DPO must have the necessary knowledge and expertise in data protection law and must be reliable as well as independent. The Article 29 Working Party has stated that the DPO should not have any conflicts of interest. For example, a conflict could arise if the DPO is a member of the company’s internal legal counsel. Although it is important to appoint a DPO, it is just as important to choose the right person for the role.
