Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

Published byBrooke Fireman Modified over 10 years ago

Similar presentations

Presentation on theme: "1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data."— Presentation transcript:

1 1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data Protection European Parliament - Brussels - 8 June 2011

2 2 The views expressed are solely those of the writer and may not be regarded as stating an official position of the Council

3 3 Contents  DPO Duties  Main tasks  Best practices  p.m. : External cooperation  Internal cooperation  Authority and controllers  Other services  Examples of possible contributions from IT service and from internal audit  Data subjects  Staff Committee  Conclusion

4 4 Overview To carry out his mission, i.e. to ensure in an independent manner the internal application of the Regulation  DPO has no real powers of enforcement BUT the power to influence and efficient means are also available to him  DPO is a key player in ensuring that EU institutions respect their Data Protection obligations BUT is very unlikely to succeed alone

5 5 DPO Duties : Main tasks (1)  providing information and raising awareness on Data Protection  ensuring that controllers and data subjects are informed of their rights and obligations  providing the institution/body with recommendations and advices  assisting data subjects e.g. by examining questions submitted to him, by handling requests for investigation, by bringing together data subjects and controllers

6 6 DPO Duties : Main tasks (2)  Monitoring of compliance notification procedure, access to information and premises, investigations…  keeping a register of processing operations notified to him  cooperating with the EDPS and the DPOs  notifying the EDPS of processing operations likely to present specific risks (Article 27)

7 7 DPO Duties :Best practices  promoting a “data protection culture” within the institution intranet website, booklets, training, recommendations, events  developing from the outset an appropriate IT system to manage the inventory of processing operations and to keep the register of notified processing operations  submitting an annual report and a work programme  keeping informed and involved in relevant internal discussion groups or committees (IT security, public procurement, organisational changes)  cooperating with internal and external stakeholders

8 8 External Cooperation DPO Other DPOs EDPS

9 9 Internal cooperation Data Protection Officer Data subjects Staff Committee Other services Authority and controllers Data Protection Contact persons

10 10 Cooperating with the Appointing Authority and with controllers  advising the Appointing Authority on the data protection aspects of its intended measures, e.g. by making recommendations  ensuring that controllers are informed of their obligations  contributing to supervision of the processing operations, e.g. through the notification procedure

11 11 Cooperating with other services  requesting legal opinion from the Legal Service / Officer e.g. when data protection issues also involve the application of other legal instruments Staff Regulations, Financial Regulation, Security Regulation  calling on experts´services or advice IT service, Infosec, Security  requesting assistance from other specialised services I T development role in implementing Privacy by Design, Internal Audit contribution to verification of compliance

12 12 Possible contribution from other services example 1 - IT development IT Project leader could assist the IT system owner e.g. in  recalling, taking into account and implementing DP principles at the functional analysis stage purpose, data quality, access rights, security, blocking, erasure and other mechanisms for exercise of rights  recalling the need to open a notification file and to prepare it at the earliest stage  taking into account delays involved by prior checking where applicable  verifying existence of notification to DPO and information to data subjects prior to implementation of any new IT system processing personal data … with possible blocking procedure

13 13 Possible contribution from other services example 2 - internal audit (IA) In the course of its regular audits, IA could carry out checks or assess risks related to DP obligations e.g.  notification to DPO (Article 25)  information to be given to data subjects (Article 11 and Article 12)  processing of “sensitive“ data (Article 10)  transfer of data to 3rd country (Article 9)  instructions to staff for processing data (Article 21)  management of access rights (Article 22)  security measures (Article 22 and Article 23)  follow-up given to the EDPS opinion (Article 27)

14 14 Cooperating with data subjects  processing operations often concern staff  answering to requests for consultation or investigation  directing them to the relevant controller  assisting them in case of difficulties for the exercise of their rights  improving transparency of processing operations through the keeping of a Register

15 15 Cooperating with the Staff Committee - Differences in respective mandates  Staff Committee has a general competence to represent the interests of staff vis-à-vis their institution (Article 9.3 of the Staff Regulation)  DPO is an advisor and the internal guardian of the Data Protection Regulation for ALL parties (Article 24 of Regulation EC n° 45/2001)

16 16 Cooperating with the Staff Committee - Best practices DPO  answering to requests for consultation or investigation  informing on his activities (hearings, presentation of his annual report) Staff Committee  sharing information gained on data protection issues, e.g. by drawing attention on envisaged processing and possible difficulties  proposing or supporting organisational measures which strengthen the DPO position

17 17 Cooperating with the Staff Committee - To be kept in mind !  DPO advises ALL internal parties, in confidence if so requested  DPO welcomes any information related to data protection but can only act on solid grounds and in accordance with the Data Protection Regulation  instrumentalisation of data protection is likely to be counterproductive to the very interest of staff

18 18 CONCLUSION The DPO is a key player in ensuring that the EU institutions respect their Data Protection obligations BUT He/she is very unlikely to succeed alone Cooperation with other stakeholders is fundamental

19 19 Thank you for your attention !

Download ppt "1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data."

Similar presentations

Basic Principles of GMP

Basic Principles of GMP
ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.

ENTITIES FOR A UN SYSTEM EVALUATION FRAMEWORK 17th MEETING OF SENIOR FELLOWSHIP OFFICERS OF THE UNITED NATIONS SYSTEM AND HOST COUNTRY AGENCIES BY DAVIDE.
1 A FUTURE EUROPEAN SPORTS POLICY In the name of Autonomy and Specificity By Prof. Michele Colucci, Tilburg University Website: www.colucci.eu - Email:

1 A FUTURE EUROPEAN SPORTS POLICY In the name of Autonomy and Specificity By Prof. Michele Colucci, Tilburg University Website: -
International guidelines: Similarities and Criticisms

International guidelines: Similarities and Criticisms
ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.

ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Research and Innovation Why does ERA Need to Flourish ERA - State of Play Octavi Quintana Trias Brussels, 19th April 2013.

Research and Innovation Why does ERA Need to Flourish ERA - State of Play Octavi Quintana Trias Brussels, 19th April 2013.
EU funds’ evaluation plan , Latvia

EU funds’ evaluation plan , Latvia
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005
THE CERTIFYING AUTHORITY

THE CERTIFYING AUTHORITY
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
2014-2020 Management and control systems Franck Sébert, DG Regional and Urban Policy, Head of Unit C1 FOURTEENTH MEETING OF THE EXPERT GROUP ON.

Management and control systems Franck Sébert, DG Regional and Urban Policy, Head of Unit C1 FOURTEENTH MEETING OF THE EXPERT GROUP ON.
Introduction to Article 45 (5) of the CLP Regulation

Introduction to Article 45 (5) of the CLP Regulation
“Train the trainers” seminar

“Train the trainers” seminar
Joint presentation by respective units in DGs AGRI, EMPL and REGIO IPA Components III, IV and V: Conditions for successful preparation and absorption of.

Joint presentation by respective units in DGs AGRI, EMPL and REGIO IPA Components III, IV and V: Conditions for successful preparation and absorption of.
European Union Cohesion Policy

European Union Cohesion Policy
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
1 NECOBELAC Project WORK PACKAGE 3 Cross-national advocacy infrastructure.

1 NECOBELAC Project WORK PACKAGE 3 Cross-national advocacy infrastructure.

Similar presentations

Ads by Google