JISCMail - DATA-PROTECTION Archives

Hi

My view would be as you say. You should not make decisions which put you into conflict with your DPO specific responsibilities - particularly monitoring compliance. That should not be a problem even in a small organisation. SARs may be signed off by the IAO. Head of HR (or delegee) for a staff SAR for example.

Of course it may be in practice you have done all or most of the work so we must accept that it is unlikely you would find non-compliance if you audited but that does not render it pointless if you are genuine about assignment of responsibilities.

That kind of conflict is inherent in the system. In a large organisation I have just drafted GDPR compliant policies and procedures. I have recommended and advised they be adopted. I will have no role in the adoption or authorisation process. If, as I anticipate, they accept my recommendation (subject to correcting typos and howlers) that does not put me out of a job as a DPO. It would be ridiculous to say that a DPO cannot monitor compliance with a policy which was adopted on his advice.

On the other hand you always need to be alert to the possibility of conflict. Without detracting from the above there may well be cases which put you in real difficulty. In a large organisation you can usually call on your internal legal advisers or auditors or in health your Caldicott Guardian. In a smaller organisation I would perhaps be looking for a mutual support agreement with similar.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^