Now that the EU General Data Protection Regulation is in effect, many organizations need data protection officers. However, not all organizations can or need to staff the DPO role in-house — and the regulation does not require organizations to do so; Article 37(6) allows for the data protection officer role to be filled using a service contract. But what should a DPO service contract look like? The IAPP offers this sample document as a starting point for organizations considering the engagement of an external DPO. Find it at the Full Story link. (IAPP member login required.) Editor's Note: For more information on the DPO role, see the IAPP's DPO Toolkit.
Full Story
Comments
If you want to comment on this post, you need to login.