I do understand where Andrew is coming from.
If you think about the likely job description of an employee, it places the DPO (potentially) into a quasi-regulatory role and therefore may create an environment where the DPO is excluded from early discussions related to, say, a breach for fear of forcing the DPO's hand in terms of reporting requirements.
There is also a need to decide where this role actually lies. Is it quite senior, or more junior? This decision will also have a bearing on the nature of the potential conflicts of interest. Senior may be better, but might conflict with other decision-making issues. More junior may be preferable but bring with it decision issues related to the DPO's future. As any dog will tell you: don't bite the hand that feeds you - and this is the scenario that, rightly or wrongly, many organisations feel they are facing. Particularly the private sector, where the majority of organisations do not have anything remotely like the public sector "Information Governance Manager".
Gotta do something though.
Simon.
Simon Howarth
The Information Edge (Webtech Systems Limited)
Privacy and Data Protection
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: 11 July 2017 14:15
To: [log in to unmask]
Subject: Re: [data-protection] DPO - where does it sit?
Interesting comment. What are you suggesting? That the DPO should never be an employee or that it's not possible to completely remove a conflict of interest?
Not the most practical of viewpoints to adopt, I have to say....
>-----Original Message-----
>From: This list is for those interested in Data Protection issues
>[mailto:data-
>[log in to unmask]] On Behalf Of Harvey Andrew (Western Sussex
>Hospitals)
>Sent: 11 July 2017 11:22
>To: [log in to unmask]
>Subject: Re: [data-protection] DPO - where does it sit?
>
>By being an employee there is an inherent conflict of interest, always.
>
>Kind regards,
>Andrew.
>
>
>Andrew Harvey AMIRMS
>Head of Information Governance
>GDPR Data Protection Officer
>Chair, Sussex-Wide Information Governance Group Western Sussex
>Hospitals NHS Foundation Trust Worthing Hospital, Lyndhurst Road,
>Worthing, BN11 2DH Tel 01903 205111 x84508 Mob 07900 736922 Email
>[log in to unmask] NHSmail [log in to unmask] If unavailable
>[log in to unmask] Is your Information Governance
>Mandatory Training up to date? If not, click here.
<snip>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html