Jim Cormier’s Post

This is an excellent opportunity to learn about the potential benefits to self-certifying to the DPF! Join us today! #dataprivacyframework #gdpr #privacy

European privacy regulators are starting to take notice of low-cost, low-effort, tick-the-box DPO solutions, and they're not impressed. The Belgian DPA recently fined a company €245,000 for, among other things, failure to provide adequate resources to their part-time, outsourced DPO. The DPA held, in part, that: 💡 "An adequate allocation of time for the DPO to effectively fulfill their duties is essential. This aspect is particularly important when the DPO performs their role part-time, whether they are internal or external to the organization. 💡 The lack of time allocated to the DPO for the exercise of their functions could lead to conflicts of priorities and compromise their ability to fulfill their duties. To address this situation, WP29 recommends determining, in conjunction with the DPO, the estimated time needed to perform their role (the need is greater when entering the role). It may be useful to establish a work plan that prioritizes the DPO's tasks to ensure they have the necessary time to fully assume their responsibilities. Furthermore, it is essential that the allocation of resources for the DPO is proportional to the size, complexity, structure, and risks associated with the data processing activities. Consequently, the more complex or sensitive the processing operations, the more substantial the resources allocated to the DPO will need to be." (Translated with the help of ChatGPT from the original French.) ❗ If your business is relying on a DPO service that only supports you for a few hours per month, you're in danger of this happening to you. If you're concerned about whether your DPO solution is compliant, I'm happy to chat. #dpo #gdpr #privacy #dataprotection