logo trasparente privacy control società di consulenza
Assistenza in Materia di adeguamento GDPR - Nuovo Regolamento Europeo
  • Who we are
  • Our Services
    • Video surveillance adjustment
    • Legal assistance – Privacy violation
    • Privacy Consulting
  • qUOTES
  • Customer Area
    • Notice Board
    • File
      • My Files
        • Update file
      • Create file
    • Pages
      • My pages
        • Update page
      • Create page
    • My account
      • Account details
      • Edit profile
      • Logout
  • English
    • Italian
  • FAQ
  • BLOG
  • Partners
  • Events

Data Protection Officer: because you need an autonomous and independent figure

The decision-making autonomy and the extraneousness of the DPO with respect to the determination of the purposes and methods of the treatment are means of fundamental importance for restoring to those concerned that sovereignty over the circulation of their data

The scenario
This is the scenario in which the Data Protection Officer or Responsible for the protection of personal data (later DPO or RPD) is inserted: a complex figure, which summarizes in itself the plot of principles, ethical before legal, which cloaks the European Regulation.
One thing must be clear : the tasks and responsibilities of the DPO cannot depend solely on market logic. Logics that, among other things, have recently fueled the proliferation of training proposals, among which it is often difficult to distinguish, with sufficient clarity, those really oriented to shaping the qualities and professional skills of this new figure and those instead aimed solely at release of the so-called “ quality stamps ” (often of doubtful value) to be pinned on the curriculum. The role of the DPO is too delicate to be debased through a commodification work (including certifications) which has (unfortunately) accompanied many roles / models of “responsibility” in other areas of law.

Certification mechanisms
It is true , in fact, that the EU Regulation 2016/679 provides and incentives the establishment of data protection certification mechanisms in order to demonstrate compliance with the Regulation of treatments carried out (art. 42, par. 1) but, as rightly recalled by the Data Protection Authority with press release of 18 July , in Italy no accreditation body has yet been identified for the purposes of the Regulation, nor have the additional requirements for accreditation of the bodies been defined certification (art.43, par.1, letter b) and the certification criteria (art.42 par.5).

The designation of the DPO
It should be emphasized that, even when not mandatory, the designation of the DPO is particularly recommended for all cases in which the processing activities constitute probable sources of risk for the rights and freedoms of natural persons , based evaluations entrusted, in individual cases, to the Owners and Managers, in implementation of the fundamental principle of accountability. It is clear, therefore, that the Data Protection Officer cannot and should not have a function to protect the interests of the Owner and the Manager, but a role exclusively dedicated to the protection of personal data.

Essential requirements
Here, therefore, the requirement of the DPO’s autonomy and independence in the exercise of its functions becomes essential , taking up in part the spirit of the system envisaged in Italy by Legislative Decree 231/2002, regarding the administrative liability of entities . As we know, ensuring that there are no constraints in performing complex tasks is far from trivial. Certainly, the hypothesis of framing the DPO in an addictive relationship with the Data Controller (or with the Manager) of the treatment would present more evident risks of asymmetry of powers and conflict of interest in the workplace, despite the express regulatory coverage. However, even in the absence of hierarchical constraints, the duty to act independently could be compromised if the assignment given to the external DPO assumed, in fact, the form of a simple professional mandate or a service assignment.

Source: www.agendadigitale.eu

Guide to the application of the European Regulation on the protection of personal data Data protection of minors and cyberbullying: what changes with the GDPR

Related Posts

adeguamento gdpr privacy control

BLOG, News

GDPR: WHAT IT IS AND WHY COMPANIES SHOULD ADJUST US

data protection officer profilo giuridico privacy control

BLOG, News

DPO – Data Protection Officer: the data protection officer

gpdr trattamento dati dipendenti azienda privacy control

BLOG, News

GDPR: the processing of employee data by the employer

logo trasparente privacy control società di consulenza
Links
  • Facebook
  • Youtube
  • linkedin
© Privacy Control 2021
Privacy Control, brand di Privacycert Lombardia srl • Pass. Don seghezzi, 2, 24122 Bergamo (BG)
P.IVA 04224740169 • Cap. Sociale 10.000,00 € I.V. • REA N. 445875 • Privacy policy
Tutte le immagini e i contenuti presenti in questo sito sono coperti da copyright. Condizioni di Vendita

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

Privacy Overview
Privacy Control

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Cookie Policy

Powered by  GDPR Cookie Compliance