Data Protection Officer
High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?
High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?
As a rule, data protection officers have no decision-making power themselves but report to the management. Hence, it is the management that is responsible for complying with and implementing data protection. If the data protection officers are awarded corresponding powers to issue instructions under their respective contracts, this will also impact their liability.
Even without formal decision-making powers, data protection officers have considerable responsibility. With statutory provisions becoming increasingly complex, their tasks are also becoming more extensive. Breaches may trigger high damages claims and administrative fines and cause considerable reputational damage.
Are you sufficiently protected and trained?
Explore our services
News and insights
Publications: 03 April 2024
China passes provisions to relax the cross-border data transfer regime
China has passed provisions which relax the current cross-border data transfer mechanisms. This comes as welcome news to the international business community, especially those with the need to export…
Publications: 01 April 2024
Anna Rudawski, cybersecurity response partner at Allen & Overy, discussed how the recent SEC rulings and increased liability pressures are impacting Chief Information Security Officers (CISOs), with…
Blog Post: 10 January 2024
CJEU rules that a credit score constitutes automated decision making under the GDPR
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark judgment on Article 22 of the General Data Protection Regulation (GDPR), focused on decision making based solely…