Dear All,
At the moment, the UK has a DP regime where the max monetary penalty notice is £500k. Since the MPN was introduced, organisations have reacted in different ways. We have seen some organisation fight the MPN to the final stage, incurring legal costs. We have seen CEOs step down after the MPNs were received.
What has occurred is that the MPNs have focused the minds. In that sense, it has made it important for the organisations to get it right. All along, the humble DP officer has been on the side lines saying “Mind the DPA or the MPN will get you.” With that advice, the organisation operates as it needs to without the DP officer being responsible for either the advice or the organisation. In the end, the organisation can take the advice or operate as they want.
The DPO is a different creature. They will now be responsible for giving clear guidance to the organisation for it to comply with the GDPR. If they get that guidance wrong, if they say “You need to do x, y and z” but it turns out that z was not the correct interpretation of the GDPR, then they will be in for some scrutiny. To be sure, the Data Controller is responsible not the DPO. The GDPR makes this clear. However, if the DPO has said that is ok I am certain that organisations will want to ask some questions.
Much will depend on how the organisation sees the DPO and the way their contract is written. The contract will reflect how they are seen to work with the normal GDPR compliance work within the organisation. No matter what, the DPO will be under more scrutiny than the Data Protection officers.
Best,
Lawrence
Lawrence Serewicz
Information and Records Manager
Transformation and Partnerships
Durham County Council
County Hall
Room 143-148 4th Floor
Durham
County Durham
DH1 5UF
Direct 03000 268 038
Switchboard 03000 26 0000
Follow us on Twitter @durhamcouncil
Like us at facebook.com/durhamcouncil
Follow us on linkedin.com/company/durham-
county-council
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/
lists/data-protection.html Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
- Leaving this list: send leave data-protection to [log in to unmask]
- Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
- To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
- To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/
help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]Any queries about sending or receiving messages please send to the list owner data-protection-request@
JISCMail.ac.uk (Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)