The role and responsibilities of the Data Protection Officer (DPO) in helping an entity to comply with the European Union General Data Protection Regulation (EU GDPR) presents unique challenges in-and-of-itself. However, it also requires a unique working relationship both internally and externally in order to avoid conflicts of interest. This post will explore the delicate balance that must be struck by the DPO in being simultaneously employed by an entity, while maintaining an appropriate distance and autonomy from that same entity in the performance of his/her duties. Although employed by the entity that collects, stores, and processes data, the DPO’s ultimate loyalty is owed to the Data Subject.
Continue reading “EU GDPR: The Special Role and Responsibilities of the DPO”