CASES, SANCTIONS AND CLAIMS
- The Belgian DPA has imposed a fine of 50,000 EUR to a company for breach of article 38 (6) of the GDPR. The Belgian DPA established that DPO and Chief Compliance/Risk/Audit Officer are incompatible positions.
- The Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the GDPR related to the appointment of a data protection officer.
- The Saxon State Labour Court in Germany ruled on the dismissal of a DPO (see here an article in English).
- Facebook’s German branch fined 51,000 euros for not appointing a DPO, should serve as “warning” for others, as per German DPA. The company has also postponed its launch of a dating feature on the online platform, following concerns of the Irish privacy supervisor.
REPORTS AND ARTICLES FROM OTHER ORGANISATIONS
- Privacy professionals advise on Avoiding Conflicts of Interest in Selecting a Data Protection Officer.
- Gabriela Zanfir-Fortuna: Webinar – “The independent and effective DPO”.
OFFICIAL GUIDELINES, REPORTS AND STATEMENTS
- Training Data Protection Authorities and Data Protection Officers – T4DATA project: The DPO Handbook.
- North Rhine-Westphalia DPA: FAQ on DPOs (read here an article in English). The DPA provides examples of conflict of interest and rejects the possibility that a legal person might be a DPO.
- The Italian supervisory authority has published an English manual aimed to support data protection officers of public institutions in the application of the GDPR.