http://www.informationweek.com writes today about the increased necessity of properly trained DPOs, citing Google’s global privacy counsel Peter Fleischer:
“Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies”.
I remind you that iblogpdp.com was also concerned with this issue previously this year. You found out then that Article 35 of the proposed EC data protection regulation states that a data protection officer shall be designated in the following cases:
– when the processing is carried out by a public authority or body;
– when the processing is carried out by an enterprise employing 250 persons or more;
– the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.
Fleischer sees three viable approaches to the new rules, depending on the complexity of companies’ data processing requirements.
Companies that have relatively simply data operations can probably just train personnel from human resources or marketing, he suggests.
They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.
Companies with large, complex data processing and handling operations will have the most adjustment to do. “[T]oday, rather shockingly, some of the world’s largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff,” he wrote.
Read the whole story HERE.
The New Data Protection Regulation could cost businesses 3 billion a year due to employee data clause
Derek Mooney (public affairs director of the Brussels European Employee Relations Group – BEERG – ) writes for Euractiv.eu that contrary to what the EU Commission asserts, if the proposed General Data Protection Regulation is adopted with Article 82 as it stands, it will result in significant extra costs for all European business.
More precisely, if the GDPR is adopted with the Art 82 provision then business will have the “patchwork of 27 different rules in 27 countries” plus the additional obligations and burdens set out in the GDPR such as data protections officers; consent rules and 2% penalty on annual turnover without access to the costs savings the Commission claims.
So far from saving business €2.3 billion, this measure will cost business money EU wide – at a time when EU national governments are committing themselves to reducing employment costs.
BEERG research shows that at a conservative estimate the employee- data related data provisions alone could add €3 billion each year in additional costs on business.
Article 82 of the GDPR excludes the area of employee data from the EU wide “one stop shop” by specifically providing that each member state shall also be empowered to regulate in this area.
Read the whole story: EU’s General Data Regulation could be Costly for Businesses
Leave a comment
Posted in Comments, News
Tagged Article 82 data protection regulation, BEERG, Brussels European Employee Relations Group, data protection, data protection officers, data protection regulation, Derek Mooney, employee data, employee data related provisions, national governments, privacy