I am curious to know what your opinion is about combining the Data Protection Officer and Information Security Officer roles in small to medium companies. Is this a good idea or not, and why?
Expert
Andrei Hanganu
Feb 15, 2018
Answer:
Combining the two roles is something that lots of small companies are thinking of, and there is a whole debate on this subject among various professional circles. My personal view is that, although in theory it could work, there will be some instances where a conflict of interest might appear.
For instance, the Information Security Officer's job is to protect the assets of the company, and by doing that he/she may engage in monitoring of employees' activities. Thus, the Information Security Officer will think of the best and most extensive ways to monitor the employees in order to ensure that the company's assets are protected. On the other hand, the Data Protection Officer would need to leverage the monitoring extent with the rights and freedoms of the employees as well as their expectations of privacy.
So, you can see that there is a conflict of interest if one individual would need to perform both tasks.
There was also case law in Germany a few years ago where the court ruled that the Information Security Officer cannot perform the tasks of the Data Protection Officer.
You can find out more about the tasks of the Data Protection Officer by going through our article “The role of the DPO in light of the General Data Protection Regulation”: https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/