When appointing a DPO, businesses need to make both operational and ethical considerations to ensure the DPO can act independently and without conflict. Businesses are legally required to appoint a DPO are more likely to have created a core DPO role within their organisation to fulfil day to day responsibilities that were set out in the GDPR. However, some businesses may have assigned these additional responsibilities to an already existing role, creating a dual position, which could result in the DPO being conflicted.
In April 2020, the Belgian Data Protection Authority imposed a fine of €50K after it deemed a company who had appointed a Data Protection Officer, who held a dual role within the business as Head of Compliance, Risk and Audit, did not meet the GDPR requirements of being free from conflict when conducting the DPO role. While this is a Belgian case, under the GDPR consistency mechanism it must be considered that the UK’s ICO may reach a similar decision.
The decision reached by the Belgian authorities has led to some businesses questioning whether the additional duties carried out by the own DPO create a conflict of interest. The same question should be asked by businesses who may be considering redundancies as a result of the Coronavirus pandemic. If you are thinking about creating a dual role by combining responsibilities of the DPO within another role – will the DPO be independent?
Data Protection specialists, Loretta Maxfield and Morgan O’Neill hosted a short webinar to highlight the key points in this case which will help businesses avoid DPO conflicts of interest within their own organisations.
Topics covered included:
- Does your organisation need a DPO? An update on criteria for appointing a DPO.
- DPO roles and responsibilities
- Avoiding Conflicts of interest, and handling them if they do arise now or in the future.
- Internal v external DPO.
If you have questions about appointing a DPO, please Morgan or Loretta on 03330 430350
Broadcast: 9 July 2020. The content in this webinar, guidance and advice provided by the host, is correct at the time of broadcast. If you are watching a recording after the broadcast date please contact us for the most up to date guidance and advice on this topic.