Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Belgian DPA issues GDPR fine for appointing DPO with conflicting roles

Belgian DPA issues €75,000 GDPR fine for appointing DPO with conflicting roles

The Belgian Data Protection Authority (Autorité de protection des données Gegevensbeschermingsautoriteit) recently issued a €75,000 fine to an unknown Bank for violation of Article 38(6) of the General Data Protection Regulation (GDPR).

Although the amount of the fine might not be as groundbreaking as some others, it might be interesting to know that appointing a Data Protection Officer (DPO) who performs other organizational tasks can prove to be a double-edged sword.

In this particular case, the DPA found an issue with the position of the DPO within the organization and identified a conflict of interest and  violation of Article 38(6):

“The data protection officer may fulfill other tasks and duties. The controller or processor shall ensure that any such tasks and duties do not result in a conflict of interests.”

The Belgian DPA identified a conflict of interest between the DPO’s responsibilities and other duties within the Bank.

The DPO was performing the duty of a different head of a department (Head of the Operational Risk Management, Information Risk Management, and Special Investigation Unit departments) to which he had to report in his capacity as data protection officer, which DPA concluded was in a material conflict of interest.

How to prevent conflict of interest in your organization

Although DPO may perform other duties within the organization, you want to ensure that any other roles do not result in a conflict of interest.

To avoid similar situations, you can follow a few guidelines:

  • Assess the tasks and duties of the appointed DPO
  • DPO should not be a controller of the processing activities
  • DPO should not perform in senior management positions (CFO, CEO, Head of Marketing, Head of HR, and similar roles)

However, the prior decisions on the same matter showed that the DPA could have a very broad interpretation of the conflicting roles that include far more than described in the WP29 guidelines, including any head of the department in the organization.

It might become difficult for organizations to try and combine two or more roles, including DPO, in one single person for more than one reason.

First of all, different roles within an organization can be involved in determining the means and purpose of processing, not just the department heads.

The second reason hides behind the authority and independent role the DPO should embody.

DPO should operate independently, with full support from upper management and the Board, and have access to all needed resources to do the job according to best practices, and this can conflict with the lower role the potential DPO already has.

The Belgian DPA’s decision available in Dutch

Betreft : De uitoefening van de rechten van de betrokkene met betrekking tot de informatiesystemen van een Bank.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top