Recent decision by Belgium Regulator offers insight into the role of the DPO
The role of the Data Protection Officer continues to cause organizations a great deal of confusion. Where should the role be placed? What are the appropriate responsibilities? What is a “conflict of interest” in this context? Listen to Gabriela Zanfir-Fortuna, senior counsel at Future of Privacy Forum, discuss a recent decision by the Belgium DPA on this issue. As we noted previously, the decision is worth a read and may cause many organizations to rethink their current DPO appointments. In this instance, the company had appointed its Head of the Internal Audit department as the DPO. The Belgian regulator concluded that combining the role of department Head with the role of DPO gave rise to a significant conflict of interest.It considered:
- If the DPO has decision-making power with respect to the dismissal of employees, this conflicts the DPO’s role to be a confidential advisor
- Even though the person was in a role (Head of the Compliance, Risk Management and Audit department) in which he had to fulfill an independent and advisory role in relation to the other business departments, this did not make the person have complete independence with respect to data processing activities
Link to the decision (in Dutch)
Watch the mini-recording with Gabriela Zanfir-Fortuna.