
Data protection Officer


What skills should your DPO absolutely have? Based on surveying data protection officer job postings, companies are trying to fill DPO positions with junior associates with only a few years of experience.


Many are treating the DPO as merely an IT role with no legal experience or as a compliance role with no real risk or IT experience. But what does the General Data Protection Regulation in fact require and what do those requirements mean for the DPO’s job skills? It may be useful to summarize the necessary skills into a listing usable to identify qualified DPO candidates, which you'll find at the bottom of this article.

GDPR’s requirements for DPOs: Risk/IT: Recital 77 and Articles 39.2 and 35.2 require DPOs to offer guidance on risk assessments, countermeasures and data protection impact assessments. New EU Guidelines on Data Protection Officers. Paris University and Hogan Lovells Launch a Data Protection Officer Degree. On January 5, 2017 Paris Law School Panthéon-Assas launched its first university degree (diplôme d’université) aimed at training future Data Protection Officers (DPOs) under the new European General Data Protection Regulation (GDPR), which becomes effective across the EU on May 25th, 2018.


Created by Paris University Professor Bénédicte Fauvarque-Cosson and Hogan Lovells partner Winston Maxwell, the new program will include courses in law, cybersecurity, data analytics, management and ethics. The faculty will include professors from various law schools, as well as practicing DPOs, information security specialists, lawyers and regulators from the CNIL (the French data protection authority), and major companies including Sanofi, GE, Axa, Lagardère, Google, Microsoft, Schneider Electric, BNP Paribas and the Banque Postale. Information about the new program is available here.

It is illegal, but even the State asks for a copy of the Citizen Card. Bavarian DPA sanctions appointment of IT manager of company as DPO. According to German data protection law, German data controllers must appoint a Data Protection Officer (“DPO”) in several cases, for example when ten or more people are involved in the automated processing of personal data.


While an employee can be appointed as DPO, the appointee must be knowledgeable on data protection and must be reliable and independent. The latter two characteristics exclude the possibility of appointing someone who has an incompatible position. Conflict of interest under the recently issued WP29’s opinion on DPO. In Section 3.5 of Article 29 Working Party (WP29)’s Guidelines on Data Protection Officer (“DPOs”) (“Opinion”), the WP29 discusses the issue of conflict of interest for DPO.


See here for more information on this opinion. The WP29 points out that while Article 38(6) GDPR allows a DPO to perform “other tasks and duties”, the organization must avoid appointments in which those “other tasks and duties” generate a conflict of interests. The absence of conflict of interests is closely linked to the requirement to act in an independent manner. Final cipl gdpr dpo paper 17 november 2016.

WP29 releases guidance on DPOs, data portability, one-stop shop. In something of a massive data dump, the EU’s Article 29 Working Party emerged from its December plenary meeting today with a number of GDPR application guidance documents, including explanations for the mandatory DPO role, the mechanisms for data portability, how a “lead authority” to lead the one-stop shop enforcement mechanism will be established, and some notes on enforcement and the EU-U.S. Privacy Shield. The WP29 welcomes comments on the guidance from stakeholders through January 2017, so there is some possibility their collective minds will be changed on some of this guidance. New regulation on personal data: the data protection officer - FIDAL avocats: the blog. Study: GDPR’s global reach to require at least 75,000 DPOs worldwide. The EU’s General Data Protection Regulation will take effect in May 2018.


Under its own terms, the Regulation governs the privacy practices of any company handling EU citizens’ data, whether or not that company is located in the EU. Because the EU’s 28 member states together represent the world’s largest economy and the top trading partner for 80 countries, many companies around the globe buy and sell goods to EU citizens and are thus subject to the GDPR. WP29 releases guidance on DPOs, data portability, one-stop shop. The compliance burden under the GDPR – Data Protection Officers. September 2016 One of the politically most contentious innovations of the General Data Protection Regulation (GDPR) is the obligation to appoint a Data Protection Officer (DPO) in certain cases.


While the concept of a DPO is new to many jurisdictions, the appointment of DPOs has, for decades, been an essential element in the German data protection system. Since 1977, many German companies have been required to appoint an independent DPO to fulfil self-regulation obligations. Inspired by the German model, the concept of a mandatory DPO under the GDPR is to have a central person, advising the company on compliance with the GDPR and acting as contact person for Supervisory Authorities (SAs) as well as for data subjects. Who needs a DPO? Should the DPO be certified?

JUST Newsroom - Article 29 Working Party. Act Now Training. Course Description: Negotiations on the biggest change to data protection and privacy law in decades are over, and the text of the General Data Protection Regulation has been agreed.


It will take years of preparation to be ready (and you have two!) New GDPR Practitioner Certificate Launched! Act Now Training Limited is pleased to announce the launch of its new GDPR Practitioner Certificate (GDPR.Cert).


The General Data Protection Regulation (GDPR) is going to be implemented in May 2018 despite the Brexit vote. GDPR will require 28,000 DPOs in Europe and US, study shows. European Union data protection rules will require the appointment of 28,000 data protection officers (DPOs) in the next two years in Europe and the US alone, a study revealed.

EU Data Privacy Officer Rule Triggers Search for Talent. By Stephen Gardner. Nov. 15 — Smaller European Union companies may not recognize their obligation under the new EU privacy regime to appoint data protection officers and may find that finding qualified officers is becoming difficult, privacy analysts told Bloomberg BNA Nov. 15. The EU General Data Protection Regulation (GDPR) requirement for companies that process personal information to appoint data protection officers may exacerbate the divide between well-resourced companies that are aware of their obligations and smaller companies that might be late in realizing the implications of the new rules, they said.

But even larger companies making progress to comply by the May 2018 GDPR effective date may need to be wary of working with smaller companies that handle sensitive data. Study: At least 28,000 DPOs needed to meet GDPR requirements. With the passage by the EU Parliament of the General Data Protection Regulation, a five-year process has come to a close and organizations across the Continent are now preparing for a number of new requirements for data collection and processing.

One requirement in particular relates to staffing, something not before seen in European law outside of Germany: Certain organizations will now have to hire, appoint, or contract a data protection officer. Our research indicates the number of DPOs required under the GDPR in Europe alone will be, at the least, 28,000. Dpo standards en. Data Protection Officer and IT Manager – Two Jobs That Do Not Match.

Companies required to appoint a data protection officer (“DPO”) in Europe should carefully consider which candidate is best to select for the job. A company established in Bavaria, Germany, was recently fined by the Bavarian data protection authority (Bayerisches Landesamt für Datenschutzaufsicht, “BayLDA”) for appointing a DPO who at the same time held an operational position as an IT manager. The appointment was deemed to create a conflict of interests between the two functions.

This decision could potentially influence the interpretation of the upcoming EU General Data Protection Regulation (“GDPR”) and thus influence the appointment of DPOs by international companies. I. Germany: Data Protection Officer must not have a conflict of interests - Global Compliance News. By: Jan-Philipp Guenther and Julia Kaufmann, November 21, 2016. German Data Protection Authority fined a company for having the IT manager appointed as Data Protection Officer – A greater risk under the European General Data Protection Regulation?

According to the German Federal Data Protection Act (“FDPA”) companies must appoint a Data Protection Officer (“DPO”) if (inter alia) at least ten persons are involved in the automated processing of personal data. Companies may choose to appoint an employee of the company as an internal DPO or may appoint a professional data privacy advisor as an external DPO. The appointed DPO must possess the necessary knowledge of data protection law and must be reliable and independent. Becoming a data protection officer. Data Protection Officers: A Comparison of US Law, EU Law, and Soon-to-be-EU Law.
