GDPR: Article 29 Working Party DPO Guidance Should Address Issues of DPA Cooperation and Confidentiality Obligations

When appointing a Data Protection Officer (DPO), there should be no confidential communications between DPAs and DPOs as it suggests a special relationship not required by the GDPR and risks turning the DPO into a satellite regulator within the organisation; the obligation of secrecy/confidentiality should be interpreted and applied in a way that ensures the DPO’s loyalty to the organisation is not compromised, their role within the organisation as a trusted counselor is preserved, and the duty of secrecy is protected.

Be the first to comment

Leave a Reply

Your email address will not be published.