-
Recent Posts
- Why data protection law is uniquely equipped to let us fight a pandemic with personal data
- A US Bill from 1974 shares so much DNA with the GDPR, it could be its ancestor
- Planet49 CJEU Judgment brings some ‘Cookie Consent’ Certainty to Planet Online Tracking
- The CJEU decides lack of access to personal data does not unmake a joint controller: A look at Wirtschaftsakademie
- Brief case-law companion for the GDPR professional
- Exam scripts are partly personal data and other practical findings of the CJEU in Nowak
- A Conversation with Giovanni Buttarelli about The Future of Data Protection: setting the stage for an EU Digital Regulator
- Why did Facebook just receive (one of) the biggest data protection fine(s) on record
- Exam scripts and examiner’s corrections are personal data of the exam candidate (AG Kokott Opinion in Nowak)
- Highlights of the draft LIBE report on the ePrivacy Reg
Archives
Tags roulette
AG Mengozzi Article 8 Charter article 29 working party big data CJEU cloud computing CNIL data portability data protection Data Protection Directive data protection laws data protection officer data protection reform data protection regulation directive 95/46 directive 95/46/EC EDPS European Commission European Data Protection Supervisor European Parliament Facebook Gabriela Zanfir GDPR Google personal data PNR privacy right to be forgotten Surveillance technology Viviane RedingCategories
RSS
Meta
All about personal data protection and privacy
EPIC.ORG news- An error has occurred; the feed is probably down. Try again later.
- EDRi
- Commission launches internet fee consultation full of biased questions
- Will the European Union allow politicians to use your personal data for political advertising?
- EDRi-gram, 31 May 2023
- Sex, religion and race are advertising taboos, except for power-hungry politicians
- USA border plan requires “continuous and systematic” transfers of biometric data
- €1.2 billion GDPR fine for Meta over US mass surveillance
- 5 years of the GDPR: National authorities let down European legislator
- Romania: CSA Regulation will make journalistic investigations of child abuse impossible
- Open letter: Gender-inclusive and safe digital world that is free from violence for all
- Chaos Communication Camp 2023
- European Data Protection Supervisor
- An error has occurred; the feed is probably down. Try again later.
- CNIL
- Journées RGPD les 13 et 14 juin à Rennes
- Fusion de la carte Vitale et de la carte d’identité : les points d’attention de la CNIL concernant la protection des données
- Clôture de l’injonction prononcée à l’encontre de MICROSOFT IRELAND OPERATIONS LIMITED
- Remise du prix « Protection de la vie privée » 2022 par la CNIL et l’Inria
- Données de santé et utilisation des cookies : DOCTISSIMO sanctionné par une amende de 380 000 euros
- Le rapport annuel 2022 de la CNIL
- Intelligence artificielle : le plan d’action de la CNIL
- Évolution des pratiques du web en matière de cookies : la CNIL évalue l’impact de son plan d’action
- Privacy Research Day : découvrez le programme et inscrivez-vous gratuitement à l’évènement
- Accompagnement renforcé : la CNIL sélectionne 3 entreprises du numérique à fort potentiel
- ICO
- ICO reprimands Thames Valley Police for releasing witness details to suspected criminals
- John Edwards, Information Commissioner, delivers a keynote speech at the Data and the Future of Financial Services Summit
- ICO statement on Capita incident
- Statement in response to the Open Rights Group’s report
- ICO issues Ministry of Justice with reprimand after confidential personal information left in prison holding area
- “It’s important not to get caught out.” - New SARs guidance for employers issued
- Information Commissioner John Edwards' opening remarks at the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), delivered on 23 May 2023.
- ICO fines two businesses £180,000 for making unlawful marketing calls
- ICO takes action against both Plymouth City Council and Norfolk County Council for failing to respond to information access requests
- ICO takes action against Shropshire Council for failing to respond to Freedom of Information requests
- Privacy Commissioner Canada
- Announcement: Commissioner welcomes conclusion of the U.S. Federal Trade Commission’s investigation into Ashley Madison breach
- Announcement: OPC blog post: learn how identifiers on your phone can be used to track you
- Don’t repeat past mistakes, Privacy Commissioner warns as government reviews national security framework - December 6, 2016
- Media Advisory: Privacy guardians to unveil recommendations on modernizing Canada’s national security framework - December 5, 2016
- Announcement: Contributions Program launches call for innovative research and knowledge translation proposals - November 30, 2016
- Announcement: Commissioner shares views on Security of Canada Information Sharing Act with Parliament
- Announcement: Commissioner shares views on Bill C-22 with Parliament
- Announcement: OPC posts new summaries of cases involving businesses
- Media surveillance highlights privacy risk to all Canadians
- Announcement: Privacy Commissioner launches Privacy Tech-Know blog series
pdpEcho 
Data protection officers needed more and more: "Data Protection Officer Drought Predicted"
http://www.informationweek.com writes today about the increased necessity of properly trained DPOs, citing Google’s global privacy counsel Peter Fleischer:
“Soon, many thousands of companies operating in Europe will be looking to appoint [data protection officers] to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies”.
I remind you that iblogpdp.com was also concerned with this issue previously this year. You found out then that Article 35 of the proposed EC data protection regulation states that a data protection officer shall be designated in the following cases:
– when the processing is carried out by a public authority or body;
– when the processing is carried out by an enterprise employing 250 persons or more;
– the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.
Fleischer sees three viable approaches to the new rules, depending on the complexity of companies’ data processing requirements.
Companies that have relatively simply data operations can probably just train personnel from human resources or marketing, he suggests.
They might also be able to outsource the DPO role, which he sees as a potential business opportunity for entrepreneurs.
Companies with large, complex data processing and handling operations will have the most adjustment to do. “[T]oday, rather shockingly, some of the world’s largest data processing companies, with mega-databases of trillions of pieces of personal data, do not have a single heavy-weight DPO on staff,” he wrote.
Read the whole story HERE.
Share this:
Like this:
Leave a comment
Posted in Comments
Tagged Article 35 data protection regulation, data protection, data protection officers, EU data protection regulation, informationweek.com, Peter Fleishcer