I have participated your webinar on Data privacy and I have one question. Your statement was that combinig the roles of CISO and DPO within the same person, represents conflict of interest.
Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?
Assign topic to the user
According to Article 38 GDPR - Position of the data protection officer, para 6, “The data protection officer may fulfill other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests”. In smaller companies, the CISO just performs security audits without taking critical decisions, so the CISO position would not be in a conflict of interest with the DPO position. This is what the Belgium DPA states, that a case-by-case analysis should be done, on whether, actually, the DPO position would be in conflict with the CISO position. In bigger companies, the CISO's position might be in a conflict of interest if he/she is responsible for setting up and monitoring security controls in the organization, including security controls that might intrude on the privacy of employees. Such situations should be avoided.
Please also consult these links:
- Article 38 GDPR - Position of the data protection officer: https://advisera.com/gdpr/position-of-the-data-protection-officer/
- The role of the DPO in light of the General Data Protection Regulation: https://advisera.com/articles/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
- EU GDPR Data Protection Officer Course: https://advisera.com/training/eu-gdpr-data-protection-officer-course/
Comment as guest or Sign in
Feb 24, 2023