In this article, we would like to present the most important parts of the status and duties of the Data Protection Officers (DPOs), mainly focusing on the DPOs participation in decisions, the provision of resources, the independence, the liability and possible sanctions, the obligation of confidentiality and finally, the conflict of interest.
Defining the DPO and summarising the expectations of the position is a complex process that requires careful consideration by data controllers. In addition to the assessment of professional qualifications, the choice of the nature of the relationship is a key consideration. In this article, the characteristics of the internal and external DPO positions are compared, and specific contractual arrangements are discussed in relation to the latter
This year the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH, or the Authority) celebrates the 10th anniversary of its establishment and has published its 2021 Activity Report. In this article, we briefly review the 9 major data protection cases covered by the Authority in the report and summarise the key lessons and our observations.
This article examines when it is mandatory to appoint a DPO, how to deal with an optionally appointed DPO, and what the options are if several organisations wish to appoint a DPO.
In order to explain the legal framework for the position of DPO and the practicalities for data controllers, we are launching a series of articles analyzing the relevant issues in detail. In the first article, we will look at the importance and historical background of the position of data protection officer.
