-
Recent Posts
- Why data protection law is uniquely equipped to let us fight a pandemic with personal data
- A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
- Planet49 CJEU Judgment brings some ‘Cookie Consent’ Certainty to Planet Online Tracking
- The CJEU decides lack of access to personal data does not unmake a joint controller: A look at Wirtschaftsakademie
- Brief case-law companion for the GDPR professional
- Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
- A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
- Why did Facebook just receive (one of) the biggest data protection fine(s) on record
- Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak)
- Highlights of the draft LIBE report on the ePrivacy Reg
Archives
Tags roulette
AG Mengozzi Article 8 Charter article 29 working party big data CJEU cloud computing CNIL data portability data protection Data Protection Directive data protection laws data protection officer data protection reform data protection regulation directive 95/46 directive 95/46/EC EDPS European Commission European Data Protection Supervisor European Parliament Facebook Gabriela Zanfir GDPR Google personal data PNR privacy right to be forgotten Surveillance technology Viviane RedingCategories
RSS
Meta
All about personal data protection and privacy
EPIC.ORG news- EPIC Demands Privacy Commitments From Oracle, TikTok
- BREAKING: DOJ Releases New Material from Mueller Report in EPIC Case
- Senate Republicans Introduce Weak "SAFE DATA Act”
- EPIC Urges FCC to Adopt AI Principles, Support Robust Regulation of AI
- Reps. Hurd, Kelly Introduce Resolution to Guide U.S. AI Policy
- EDRi
- An error has occurred; the feed is probably down. Try again later.
- European Data Protection Supervisor
- Artificial Intelligence, data and our values – on the path to the EU’s digital future
- Body temperature checks by EU institutions: Careful assessment and data protection safeguards are necessary
- Giovanni in our memories
- TechDispatch #2/2020: Quantum Computing and Cryptography
- Data Protection requirements must go hand in hand with the prevention of money laundering and terrorism financing
- CNIL
- La CNIL et Régions de France unissent leurs efforts pour soutenir les collectivités dans leur démarche de protection des données personnelles
- Le médiateur des entreprises et la CNIL s'associent pour résorber les différends dans les relations contractuelles
- La CNIL rend public son avis trimestriel adressé au Parlement sur les conditions de mise en œuvre des traitements SI-DEP, Contact Covid et StopCovid
- Rançongiciels : l’ANSSI et le ministère de la Justice publient un guide pour sensibiliser les entreprises et les collectivités
- Le CEPD lance une consultation publique sur son projet de lignes directrices sur les notions de responsable du traitement et de sous-traitant
- ICO
- Blog: Data protection considerations and the NHS COVID-19 app
- Data protection guidance for collecting customer information
- Accountability Framework: demonstrating your compliance
- Yr ICO yn dirwyo cwmni £130,000 am alwadau diawdurdod ynghylch pensiynau
- ICO fines company £130,000 for unauthorised pensions cold calls
- Privacy Commissioner Canada
- Announcement: Commissioner welcomes conclusion of the U.S. Federal Trade Commission’s investigation into Ashley Madison breach
- Announcement: OPC blog post: learn how identifiers on your phone can be used to track you
- Don’t repeat past mistakes, Privacy Commissioner warns as government reviews national security framework - December 6, 2016
- Media Advisory: Privacy guardians to unveil recommendations on modernizing Canada’s national security framework - December 5, 2016
- Announcement: Contributions Program launches call for innovative research and knowledge translation proposals - November 30, 2016
Tasks of the data protection officer
I was writing yesterday how EU will oblige all the public institutions and the big companies to appoint a data protection officer through the new data protection regulation. Now we’ll have a look on the tasks the data protection officer will have to accomplish.
According to Article 36 of the proposed regulation, the data protection officer will have to:
– inform and advise the controller or the processor of their obligations pursuant to the Regulation and to document this activity and the responses received
– monitor the implementation and application of the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, the training of staff involved in the processing operations, and the related audits
– monitor the implementation and application of the Regulation, in particular as to the requirements related to data protection by design, data protection by default and data security and to the information of data subjects and their requests in exercising their rights under the Regulation
– ensure that the documentation referred to in Article 28 is maintained
– monitor the documentation, notification and communication of personal data breaches
– monitor the performance of the data protection impact assessment by the controller or processor and the application for prior authorisation or prior consultation
– monitor the response to requests from the supervisory authority, and, within the sphere of the data protection officer’s competence, co-operating with the supervisory authority at the latter’s request or on the data protection officer’s own initiative
– act as the contact point for the supervisory authority on issues related to the processing and consult with the supervisory authority, if appropriate, on his/her own initiative.
These tasks are provided for in the regulation but they are considered as a minimum level of specialized activity. The tasks of the data protection officer are subject to two possible enlargements: one coming from the controller or processor, and another one coming directly from the European Commission. In this respect, paragraph 2 of Article 36 provides that “The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for tasks, certification, status, powers and resources of the data protection officer referred to in paragraph 1“.
Share this: