Skip to content
Sub practice
Sub practice

Data Protection Officer

High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?

High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?

As a rule, data protection officers have no decision-making power themselves but report to the management. Hence, it is the management that is responsible for complying with and implementing data protection. If the data protection officers are awarded corresponding powers to issue instructions under their respective contracts, this will also impact their liability.

Even without formal decision-making powers, data protection officers have considerable responsibility. With statutory provisions becoming increasingly complex, their tasks are also becoming more extensive. Breaches may trigger high damages claims and administrative fines and cause considerable reputational damage.

Are you sufficiently protected and trained?

 

News & insights

Publications: 30 JUNE 2020

Webinar: Cybersecurity – How to respond to an incident

Allen & Overy partners with leading security experts, Kroll, to discuss how to respond to a cybersecurity incident. In light of the heightened threat level due to remote working and disruption caused…

Read more
Abstract graphic

Publications: 19 JUNE 2020

Covid–19 coronavirus: emerging data protection and cybersecurity guidance (Updated 18 June 2020)

The Covid-19 coronavirus is creating a need for organisations to process personal data, for a variety of specific purposes (including managing and protecting their workforce, customers and the…

Read more
Computer hardware

Publications: 29 MAY 2020

Active user consent is required, while previously practiced opt-out mechanisms are unlawful

On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…

Read more

Publications: 20 MAY 2020

Warsaw podcast - GDPR in M&A transactions

Justyna Ostrowska, senior associate in Allen & Overy Warsaw, advises clients on new technologies, intellectual property and data protection law. In her podcast, she discusses the various stages of a…

Read more