Christoph Klug GDD © GDD e.V. gdd German Association for Data Protection and Data Security Christoph Klug ATTORNEY AT LAW Phone: +49-228/694313 Fax: +49-228/695638.

Presentation transcript:

German Association for Data Protection and Data Security (GDD)
Gesellschaft für Datenschutz und Datensicherung e.V.
Christoph Klug, Attorney at Law
Phone: / Fax: / Internet:

GDD
- Non-profit organisation
- Founded in 1976 (1st German Data Protection Act)
- Mission for over 25 years:
  - Help members to comply with privacy provisions
  - Support data protection officers
    - Education and training (seminars, conferences, publications)
    - Guidance (legal, technical, organisational problems)
  - Lobbying: reasonable, effective and practicable data protection

Membership Development
As of:

Membership Structure
As of:

Data Protection Official
- Definition:
  - A natural person, appointed by the controller of personal data, who shall independently assure that personal data is processed in a correct and lawful manner.
- Business title:
  - Data protection officer (Germany, Netherlands)
  - Personal data representative (Sweden)
  - Corporate privacy officer (US)

The DPO Concept
- Self-regulation (corporate self-monitoring)
- More effective data protection
  - Corporate compliance institution in addition to
  - Supervisory authority
- Avoidance of unnecessary bureaucracy
  - Unburden supervisory authorities
  - Simplify notification
  - Prior checking by DPO instead of DP authority

Origins of the DPO
- German model implemented in EU Directive (95/46/EG)
- Art. 18 (2): Simplification of or exemption from notification where the controller, in compliance with the national law which governs him, appoints a data protection official, responsible in particular for:
  - ensuring in an independent manner the internal application of the national provisions taken pursuant to this Directive
  - keeping a register of processing operations carried out by the controller...

Main Tasks
- Ensure a lawful handling of personal data by the controller (company), including
  - Prior checking when specific risks - Article 20 (2)
  - Supervision of processors acting on behalf of the controller
  - Compliance with (internal) corporate privacy provisions such as codes of conduct or contractual obligations
  - Familiarise staff with data protection provisions
- Transparency
  - Keep public register (any person)
  - Data subject rights (information, access, correction etc.)

Independent Status
- Article 18 (2) EU Directive
- Position to exercise his functions in complete independence
- Independent inspection of processing operations
  - Necessary powers, means, premises, facilities, equipment, resources
  - Makes own professional judgement
- In case of grievances: report to head of the controller
- Controller remains responsible for legal processing

Qualifications
- No requirements in EU Directive
- Only vague requirements by German law:
  - "necessary know-how and reliability"
- GDD study:
  - Adequate knowledge of data protection law
  - Adequate knowledge of IT functions
  - Basic knowledge of business-related economics
  - Specific knowledge of the company's internal structures and processing operations

Appointment of a DPO
- EU Directive: Appointment in compliance with the national law
- Germany: Depending on size, companies have to formally appoint a DPO in writing. Mandatory appointment for public bodies.
- Netherlands: DPO (optional) has to be registered with the DP Commission (list)
- Sweden: DPO (optional). Practice: notification to the supervisory authority

Appointment Options
- Full-time DPO
  - Larger companies
  - Multinational corporations, where the DPO is in charge of the affiliates as well (privacy assistants!)
- Part-time DPO
  - Smaller companies
  - The DPO may hold another job in the firm
- External DPO
  - Not an employee but an external consultant

The Value of Corporate DPOs
- Corporate privacy management by DPO
  - Competitive advantage (own privacy chief)
  - Harmonised level of protection in multinational organisations
  - Self-regulatory approach allows for global enforcement
- Data protection controls can be improved
  - Two compliance institutions instead of one
- Supervisory authorities can be unburdened
  - Self-monitoring
  - Prior checking
  - Notification

Simplification of Notification
- European Commission DP Conference in September
  - Evaluation of EU Directive
  - Not a radical revision
  - Guidance for a better harmonisation
  - More uniform and consistent application in member states
  - Among other things: Simplification of notification
- Member states and EU candidates should give companies the opportunity to appoint DPOs, thus avoiding the necessity to notify to the supervisory authority.