GDPR: some organisations may need a new DPOaccording to the Belgian Data Protection Authority
Through recent decisions, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) has examined the role of the Data Protection Officer (DPO), the appointment of which is compulsory for several undertakings and organisations. The BDPA has set out its own interpretation of the requirements for this role, as well as the DPO’s tasks. In each case, the Litigation Chamber concluded – in a manner that may lead to controversy – that the (internal and external) DPOs appointed did not meet the requirements of the GDPR. The deadline for filing an appeal is still running in relation to these decisions, but it is already useful to look at the Litigation Chamber’s position on this topic.
It remains to be seen what position the Luxembourg data protection authority will take on the position of the DPO. CNPD guidance on the role of the DPO can be expected in the coming months as the CNPD has investigated +/- 20 undertakings and organisations in 2019 and has indicated that it would publish some guidance on the obligation to appoint a DPO and the functioning of the latter.
Click here to read the full article
Source: Agefi - May 2020