Original reporting from IAPP staff and contributed features from IAPP members.

Determining the reporting line of the DPO

Carolin Stenz and Sarah Taïeb
The role attributed to the data protection officer is one manifestation of the accountability principle of the General Data Protection Regulation. As such, the GDPR requires that the DPO exercises its functions independently and that he or she “shall directly report to the highest management level,”...
Data-processing agreements from 30,000 feet
John Clarke
“Processing by a processor shall be governed by a contract or other legal act…” (Article 28, GDPR) Commonly referred to as a “data processing agreement,” this type of contract governs the relationship between a controller, a processor, and the data being processed. These contracts can come in m...
GDPR implementation bills: the election problem
David Meyer
It is by now no secret that a lot of EU countries won't have implementing acts ready in time for the introduction of the General Data Protection Regulation this week. While this is unlikely to be the end of the world for most companies — the GDPR doesn't need to be transposed into member states' nat...
What role can internal auditors play in GDPR compliance?
Emma Haenebalcke
Internal auditors ranked EU General Data Protection Regulation compliance as a top priority in the run-up to May 25, 2018. Knowing that penalties under the GDPR can amount to 4 percent of global annual turnover, many heads of internal audit are including a review of this area within their annual int...
How to approach DPIAs under the GDPR
Massimo Montanile
The guiding principles of the General Data Protection Regulation stimulate organizations to address the issue of compliance with an approach based on continuous risk assessment. The correct implementation of a GDPR compliance model obliges organizations to review the bureaucratic and paper-based ap...
Implementing appropriate security under the GDPR
Andrew Clearwater, CIPP/US and Brian Philbrook, CIPP/E, CIPP/US, CIPM, CIPT
The GDPR is finally here, and things like data mapping, DPIAs, consent management, and data subject rights have been on everyone’s mind leading up to its arrival. While these operational requirements are obvious for many companies, some others have flown under the radar. One in particular that we ha...
Encouraging a self-resolution approach under the accountability principle
Luis Alberto Montezuma, CIPP/C, CIPP/E, CIPP/US, CIPM, FIP and Qian Li Loke, CIPP/A, CIPM
The strong emphasis on the accountability principle in some regulations allows organizations to resolve complaints or disputes relating to the data protection (or data privacy) provisions through alternate dispute resolution mechanisms, such as conciliation, negotiation or mediation, or even arbitra...