How to save up to €525K when appointing a DPO?
The Berlin Commissioner for Data Protection and Freedom of Information has imposed a fine of 525,000 EUR on a Berlin-based retail company for violating data protection officer (DPO) requirements. An investigation found a conflict of interest concerning the DPO’s employment status and decision-making responsibilities that violated the requirements of the GDPR. In this case, the DPO was simultaneously the managing director of two companies that were processing personal data on behalf of the fined company.
Our experts have a few tips to ensure compliance in similar situations:
- If you do decide to appoint a member of your staff to the DPO role, make sure that this person does not make decisions on the processing of personal data in their primary role.
- The most viable solution is to hire a designated DPO. This could be a full-time employee employed as a dedicated DPO or an external data protection consultant.
- In any case, remember that the independence of the DPO is the most important criterion. This could be achieved by drawing up internal rules to ensure that the DPO acts independently and without instruction from their employer.
#GDPR #dataprotection #law