In this article, we would like to describe the tasks of the Data Protection Officer or DPO under the GDPR and practical issues related to them. Furthermore, we will briefly discuss the legal relationships that are not regulated by the GDPR but may occur in the course of everyday work within the scope of the DPO’s activities i.e. in the specific tasks of the DPO.
In the third and final part of this series of articles, we present Guidelines 04/2022 of the European Data Protection Board (hereinafter: EDPB), from Chapter 4 to Chapter 8.
In this article, we would like to present the most important parts of the status and duties of the Data Protection Officers (DPOs), mainly focusing on the DPOs participation in decisions, the provision of resources, the independence, the liability and possible sanctions, the obligation of confidentiality and finally, the conflict of interest.
Defining the DPO and summarising the expectations of the position is a complex process that requires careful consideration by data controllers. In addition to the assessment of professional qualifications, the choice of the nature of the relationship is a key consideration. In this article, the characteristics of the internal and external DPO positions are compared, and specific contractual arrangements are discussed in relation to the latter
This year the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH, or the Authority) celebrates the 10th anniversary of its establishment and has published its 2021 Activity Report. In this article, we briefly review the 9 major data protection cases covered by the Authority in the report and summarise the key lessons and our observations.
This article examines when it is mandatory to appoint a DPO, how to deal with an optionally appointed DPO, and what the options are if several organisations wish to appoint a DPO.