The German data protection authorities responsible for the private sector--the Düsseldorfer Kreis--issued a resolution pertaining to company data protection officers (DPOs), the Hunton & Williams Privacy and Information Security Law Blog reports. The resolution sets out minimum expertise requirements for DPOs and addresses their independence within the organizations for which they work. The resolutions come after inspections revealed a "generally insufficient level of expertise among DPOs given data processing complexities and the requirements set by the Federal Data Protection Act." Under the resolution, DPOs should have a general command of data protection law, the blog states, including comprehensive knowledge of the Federal Data Protection Act.
If you want to comment on this post, you need to login.