http://www.informationweek.com writes today about the increased necessity of properly trained DPOs, citing Google’s global privacy counsel Peter Fleischer:
“Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies”.
I remind you that iblogpdp.com was also concerned with this issue previously this year. You found out then that Article 35 of the proposed EC data protection regulation states that a data protection officer shall be designated in the following cases:
– when the processing is carried out by a public authority or body;
– when the processing is carried out by an enterprise employing 250 persons or more;
– the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.
Fleischer sees three viable approaches to the new rules, depending on the complexity of companies’ data processing requirements.
Companies that have relatively simply data operations can probably just train personnel from human resources or marketing, he suggests.
They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.
Companies with large, complex data processing and handling operations will have the most adjustment to do. “[T]oday, rather shockingly, some of the world’s largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff,” he wrote.
Read the whole story HERE.