Hi Andrew,

Not sure what robust guidance would be out there except normal working practice as identified in the blog.  The personal liability of the DPO role is the same as that for a SIRO, IAO or indeed any worker within a company - none - as they are acting on behalf of the company, unless they themselves have stepped outside of the law or failed to comply with company policy.  The Data Controller (and now Data Processor) will take the hit.  If the person is not doing their job correctly then that becomes an internal action for the company to act on.

I would though suggest that when companies use an external agent acting as their DPO they have a liability clause in the contract to cover the company in case of poor advice which results in a financial, legal or reputational hit.

Kind Regards

Geoff

Geoff Gray MBE
Information Governance Manager


From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Harvey Andrew (Western Sussex Hospitals)
Sent: 13 August 2018 15:18
To: [log in to unmask]
Subject: [data-protection] DPO personal liability / accountability?

Hello, have just been having an email discussion about this. Has anyone found any robust guidance on it? (There is an article from Lexology - https://www.lexology.com/library/detail.aspx?g=ef6f8142-9283-4a98-be5f-54d1054fd646). Many thanks.

Kind regards,
Andrew.

New Data Protection legislation arrived on 25 May 2018! For more information click here<http://nww.westernsussexhospitals.nhs.uk/departments/information-governance/new-data-protection-legislation-from-may-2018/?from_search=general%20data%20protection%20regulation>.

Andrew Harvey AMIRMS, PG Cert (DP and IG)
Head of Information Governance / Data Protection Officer
Chair, Sussex-Wide Information Governance Group
Chair, National Health and Social Care Strategic Information Governance Network

Brighton & Sussex University Hospitals Trust
Western Sussex Hospitals NHS Foundation Trust
Worthing Hospital, Lyndhurst Road, Worthing, West Sussex, BN11 2DH
Tel 01903 205111 x84508
Mob 07900 736922
________________________________

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
