Skip to content
Sub practice
Sub practice

Data Protection Officer

High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?

High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?

As a rule, data protection officers have no decision-making power themselves but report to the management. Hence, it is the management that is responsible for complying with and implementing data protection. If the data protection officers are awarded corresponding powers to issue instructions under their respective contracts, this will also impact their liability.

Even without formal decision-making powers, data protection officers have considerable responsibility. With statutory provisions becoming increasingly complex, their tasks are also becoming more extensive. Breaches may trigger high damages claims and administrative fines and cause considerable reputational damage.

Are you sufficiently protected and trained?

 

News and insights

Blog Post: 22 February 2024

EDPB adopts opinion on the notion of main establishment during 90th plenary

The European Data Protection Board (EDPB) during its 90th plenary session, on 14 February 2024, amongst other things: adopted an opinion (the Opinion) on the notion of a controller’s main…

Read more
Data protection

Blog Post: 14 February 2024

ICO and AEPD take steps for protection of minors

The Information Commissioner’s Office (ICO) launched a campaign called ‘Think. Check. Share’ (the Campaign) on 29 January 2024, to promote responsible data sharing to safeguard children. The Campaign…

Read more
computers

Blog Post: 10 January 2024

CJEU rules that a credit score constitutes automated decision making under the GDPR

On 7 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark judgment on Article 22 of the General Data Protection Regulation (GDPR), focused on decision making based solely…

Read more
World map with graph information overlaid

Blog Post: 13 September 2022

Germany – Schrems II: German court overturns presumption of international data transfer from EU-subsidiary to non-EU parent company

On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary…

Read more