This is the second in a two-part series of IAPP Perspectives posts on the hiring of data protection officers in the EU.
Gonca Dhont, Managing Director of DPO Network Europe, answers business questions about the implementation of the GDPR DPO requirement. Some of the questions covered in this article are: Can a single DPO serve multiple countries and where should (s)he be based? Can the DPO be based outside the EU? Will the DPO report to our CPO? If multiple entities share a single in-house DPO, what will the reporting line look like? What other options do we have if we do not want to create a permanent headcount? And many more...
This is the first in a two-part series of IAPP Perspectives posts on the hiring of data protection officers in the EU.
Gonca Dhont, Managing Director of DPO Network Europe, answers business questions about implementation of the GDPR DPO requirement. Questions covered in this article are: When shall we appoint our DPO? The CPO and the DPO – is it the same thing? What is the job holder profile? What type of knowledge are we looking for? What level of knowledge should we expect from our DPO? Which skills can enable a person to fulfil all the listed tasks?
The draft GDPR: Where does the obligation to appoint a Data Protection Officer stand now? The EU Parliament and the Council adopted own amendments on the Commission’s proposed text on March 2014 and June 2015, respectively. The 3 European legislative bodies have entered into multilateral talks (the “trilogue”) to agree on the final text of the proposed Regulation.