Expert Advice Community

Data privacy question

Guest user Created:   Feb 23, 2023 Last commented:   Feb 24, 2023

I participated in your webinar on data privacy and I have one question. Your statement was that combining the roles of CISO and DPO within the same person represents a conflict of interest.
Could you please search on the Internet for this topic: "The DPO and conflicts of interest: What (management) functions are compatible with the DPO?"

Expert
Tudor Galos Feb 24, 2023

According to Article 38 GDPR - Position of the data protection officer, para 6, “The data protection officer may fulfill other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests”. In smaller companies, the CISO just performs security audits without taking critical decisions, so the CISO position would not be in a conflict of interest with the DPO position. This is what the Belgium DPA states, that a case-by-case analysis should be done, on whether, actually, the DPO position would be in conflict with the CISO position. In bigger companies, the CISO's position might be in a conflict of interest if he/she is responsible for setting up and monitoring security controls in the organization, including security controls that might intrude on the privacy of employees. Such situations should be avoided.

Please also consult these links:

Tudor Galos