Thought of the Day: DPOs and the GDPR

April 05 14:10 2018 Print This Article

When the General Data Protection Regulation comes into effect on May 25 this year, Data Protection Officers (DPOs) will be mandatory for certain organisations. This includes organisations where the core business activities consist of:

  • the regular and systematic monitoring of data subjects on a large scale, or
  • the processing on a large scale of sensitive data (including health or biometric data) or personal data relating to criminal convictions and offences

Organisations must ensure that any further tasks and duties of the DPO do not result in conflicts of interest. In the past, we have seen the German Data Protection Authority fining a company for having the IT Manager appointed as a DPO, which was seen as a conflict of interest under the German Federal Data Protection Act (FDPA). Not meeting the DPO obligations under the GDPR could lead to a fine of up to €10 million or 2% global annual turnover.

view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment