Expert Advice Community

Guest

Combining DPO and ISO role

  Quote
Guest
Biser Todorov Created:   Feb 14, 2018 Last commented:   Feb 15, 2018

Combining DPO and ISO role

I am curious to know what is your opinion about combining Data Protection Officer and Information Security Officer roles in a small to medium companies? Is this a good idea, or not, and why?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Feb 15, 2018
Answer:

Combining the two roles is something that lots of small companies are thinking of and is a whole
debate on this subject among various professional circles. My personal view is that although in theory could work there will be some instances where a conflict of interest might appear.

For instance the Information Security Officer's job is to protect the assets of the company any by doing that he/she may engage in monitoring of employees activities. Thus, the Information Security Officer will think of the best and extensive ways to monitor the employees in order to ensure that the company`s assets are protected. On the other hand, the Data Protection Officer would need to leverage the monitoring extent with the rights and freedoms of the employees as well as their expectations of privacy.

So, you can see that there is a conflict of interest if one individual would need to perform both tasks.

There was also a case law in Germany a few years ago where the court ruled that the Information Security Officer cannot perform the tasks of the Data Protection Officer.

Y ou can find out more about the tasks of the Data Protection Officer by going through our article “The role of the DPO in light of the General Data Protection Regulation” https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 14, 2018

Feb 15, 2018

Suggested Topics

Dana Created:   Jan 22, 2023 EU GDPR
Replies: 1
0 0

Controller and Processor

wasima Created:   Jan 22, 2023 EU GDPR
Replies: 1
0 0

Data subject Rights

Guest user Created:   Jan 19, 2023 EU GDPR
Replies: 1
0 0

GDPR in Sweden