Expert Advice Community


GDPR DPO Job Description

Guest user Created:   Apr 12, 2018 Last commented:   Apr 12, 2018


Regarding the conflict of interest clause in the DPO Job Description document, what options are there if the DPO holds another role at the company that does require him to determine the purposes or means of processing personal data? Would it satisfy GDPR requirements for him to sign an additional agreement ensuring that the responsibilities of that other function do not affect the carrying out of the DPO role?

Expert
Andrei Hanganu Apr 12, 2018

Answer:

According to Recital 97 of the GDPR “data protection officers, whether or not they are an employee of the controller, should be in a position to perform their duties and tasks in an independent manner.”

Also, Art. 38 of the EU GDPR: “The data protection officer may fulfill other tasks and duties” (https://advisera.com/eugdpracademy/gdpr/position-of-the-data-protection-officer/). The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests.

Also, one of the major roles of the DPO is to protect the rights and freedoms of the individuals whose data are collected. If the employee is both appointed as DPO and is also responsible for determining the purposes and means of processing of individuals' data, this conflictual situation would jeopardize the independence of the DPO.

Signing an additional agreement ensuring that the responsibilities of that other function do not affect the carrying out of the DPO role could be a solution for you if the DPO will not be responsible at all for determining the purposes and means of processing (not only on documents but also in the day-by-day tasks). To be honest, this approach is not foolproof since it might be difficult in practice for someone to play two conflicting roles.

Another solution would be to appoint an external DPO, which represents an easy way to solve the conflict of interest issues and challenges presented by the requirements for independence.

You can find out more about the role of the DPO from our article “The role of the DPO in light of the General Data Protection Regulation”: https://advisera.com/eugdpracademy/knowledgebase/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
