http://www.informationweek.com writes today about the increased necessity of properly trained DPOs, citing Google’s global privacy counsel Peter Fleischer:
“Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies”.
I remind you that iblogpdp.com was also concerned with this issue previously this year. You found out then that Article 35 of the proposed EC data protection regulation states that a data protection officer shall be designated in the following cases:
– when the processing is carried out by a public authority or body;
– when the processing is carried out by an enterprise employing 250 persons or more;
– the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.
Fleischer sees three viable approaches to the new rules, depending on the complexity of companies’ data processing requirements.
Companies that have relatively simply data operations can probably just train personnel from human resources or marketing, he suggests.
They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.
Companies with large, complex data processing and handling operations will have the most adjustment to do. “[T]oday, rather shockingly, some of the world’s largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff,” he wrote.
Read the whole story HERE.
Christopher Wolf on the Critical Time for the EU Data Protection Regulation
Christopher Wolf, who co-chairs the Future of Privacy Forum, wrote an article on the state of the art in data protection and privacy law at the beginning of 2013, pointing out the main developments in the field of last year and sketching what could happen in the year that just began.
The article focuses on the European developments in the data protection legal regime, as “what happens in the EU has an impact on multinational organizations operating across borders, and on the evolution of privacy frameworks around the world.”
Wolf writes about the main critiques the Regulation in its entirety faces, emerging especially from UK and also from France, but also discusses topical issues, such as “the right to be forgotten”.
You can find the piece HERE.
Leave a comment
Posted in Comments
Tagged across borders, Christopher Wolf, data protection in 2013, data protection reform, data protection regulation, ENISA, EU data protection regulation, Future of Privacy Forum, privacy frameworks, right to be forgotten