CASES, SANCTIONS AND CLAIMS

  • The Belgian DPA has imposed a fine of 50,000 EUR to a company for breach of article 38 (6) of the GDPR. The Belgian DPA established that DPO and Chief Compliance/Risk/Audit Officer are incompatible positions.
  • The Litigation Chamber of the Belgian Data Protection Authority imposed a €50,000 fine on a company for non-compliance with the requirements under the GDPR related to the appointment of a data protection officer.
  • The Saxon State Labour Court in Germany ruled on the dismissal of a DPO (see here an article in English).
  • Facebook’s German branch fined 51,000 euros for not appointing a DPO, should serve as “warning” for others, as per German DPA. The company has also postponed its launch of a dating feature on the online platform, following concerns of the Irish privacy supervisor.

REPORTS AND ARTICLES FROM OTHER ORGANISATIONS

OFFICIAL GUIDELINES, REPORTS AND STATEMENTS

  • Training Data Protection Authorities and Data Protection Officers – T4DATA  project: The DPO Handbook.
  • North Rhine-Westphalia DPA: FAQ on DPOs (read here an article in English). The DPA provides examples of conflict of interest and rejects the possibility that a legal person might be a DPO.
  • The Italian supervisory authority has published an English manual aimed to support data protection officers of public institutions in the application of the GDPR.