The Bavarian Data Protection Authority has penalized a company for having its IT manager act as data protection officer, resulting in a conflict of interest, Global Compliance News reports. The BayLDA said an IT manager cannot act as an internal DPO, as the latter position would require the manger to monitor himself, negating the independence needed to act as a DPO under the German Federal Data Protection Act. The BayLDA notified the company of the conflict of interest and repeatedly asked it to appoint a new DPO. When the company refused, the BayLDA imposed a fine. The fine's total has not been released. Similar DPO requirements will face companies in other EU member states once the General Data Protection Regulation comes into effect in 2018. Editor's Note: For more information on the GDPR's DPO requirement, check out the IAPP's Top 10 operational impacts of the GDPR.
If you want to comment on this post, you need to login.