TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Bavarian DPA releases GDPR implementation questionnaire Related reading: Are all these GDPR-consent emails even necessary?


The Bavarian Data Protection Authority released a questionnaire designed to assist companies assessing where they stand in terms of General Data Protection Regulation implementation, Hunton & Williams reports. The questionnaire was sent to 150 randomly selected Bavarian companies and asked questions about GDPR procedures and the responsibilities of the data protection officer, data processing activities and privacy by design, onboarding of external vendors and data processing agreements, transparency and privacy notices, accountability and data breach notifications. The DPA said it will conduct more investigations after the May 2018 implementation date, and the results of the questionnaire will be used to dictate how the investigations will proceed. Editor's Note: The IAPP has launched a new blog dedicated to the data protection officer. 
Full Story

1 Comment

If you want to comment on this post, you need to login.

  • comment Roger Edwards • May 30, 2017
    I have come across a number of companies who assume/expect passive enforcement of GDPR and measure somewhat unrealistically assess their compliance risk based on the perceived risk of a data breach. This example shows that if a helpful questionnaire can morph into an investigative tool, it significantly ups the ante in compliance concerns.  We shouldn't forget that identifying GDPR violations may be as easy as hiring a few clerks to scan Europe-facing websites to determine (first of all) if a DPO is appointed where required and then issuing a brief information request to the named DPO (the first question soliciting a brief summary of the DPO's experience and credentials).