Dear All,

At the moment, the UK has a DP regime where the max monetary penalty notice is £500k.  Since the MPN was introduced, organisations have reacted in different ways. We have seen some organisation fight the MPN to the final stage, incurring legal costs. We have seen CEOs step down after the MPNs were received.

 

What has occurred is that the MPNs have focused the minds. In that sense, it has made it important for the organisations to get it right. All along, the humble DP officer has been on the side lines saying “Mind the DPA or the MPN will get you.” With that advice, the organisation operates as it needs to without the DP officer being responsible for either the advice or the organisation. In the end, the organisation can take the advice or operate as they want.

 

The DPO is a different creature. They will now be responsible for giving clear guidance to the organisation for it to comply with the GDPR. If they get that guidance wrong, if they say “You need to do x, y and z” but it turns out that z was not the correct interpretation of the GDPR, then they will be in for some scrutiny. To be sure, the Data Controller is responsible not the DPO. The GDPR makes this clear. However, if the DPO has said that is ok I am certain that organisations will want to ask some questions.

 

Much will depend on how the organisation sees the DPO and the way their contract is written. The contract will reflect how they are seen to work with the normal GDPR compliance work within the organisation. No matter what, the DPO will be under more scrutiny than the Data Protection officers.  

 

Best,

 

Lawrence

 

 

Lawrence Serewicz

Information and Records Manager

Transformation and Partnerships

Durham County Council

County Hall

Room 143-148 4th Floor

Durham

County Durham

DH1 5UF

 

Direct 03000 268 038

Switchboard 03000 26 0000

 

www.durham.gov.uk

Follow us on Twitter @durhamcouncil

Like us at facebook.com/durhamcouncil

Follow us on linkedin.com/company/durham-county-council

---

---

Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

---

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

• Leaving this list: send leave data-protection to [log in to unmask]
• Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
• To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
• To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner data-protection-request@JISCMail.ac.uk

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

---