Just for comparison, Health & Safety Officer is a similar position which in our organisation sits with a manager who is responsible for advising the Board. Is DPO not just the same?
Neither Officer should balk at providing the Governing Body with advice on the necessity of reporting or mitigating potential risk. Otherwise I'd contend that we lose the argument that IM/IG/RM is a Profession.
An IG professional should feel covered by GDPR and the ICO and frankly IMHO should be ready to stand up for the Law.
But it has been a long day, so I do understand the potential for abuse in horrible workplaces.
Apologies if this sounded too much like a rant/ramble
Suzy
Suzy Taylor MA MCLIP
Information, Records and Projects Manager
New College Durham
0191 375 4422
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 12 July 2017 10:03
To: [log in to unmask]
Subject: Re: [data-protection] DPO - where does it sit?
I do understand where Andrew is coming from.
If you think about the likely job description of an employee, it places the DPO (potentially) into a quasi-regulatory role and therefore may create an environment where the DPO is excluded from early discussions related to, say, a breach for fear of forcing the DPOs hand in terms of reporting requirements.
There is also a need to decide where this role actually lies. Is it quite senior, or more junior and this decision will also have a bearing on the nature of the potential conflicts of interest. Senior may be better, but might conflict with other decision making issues. More junior may be preferable but bring with it decision issues related to the DPOs future. As any dog will tell you; don't bite the hand that feeds you - and this is the scenario that, rightly or wrongly, many organisations feel they are facing. Particularly the private sector where the majority of organisations do not have anything remotely like the public sector "Information Governance Manager".
Gotta do something though.
Simon.
Simon Howarth
The Information Edge (Webtech Systems Limited) Privacy and Data Protection
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: 11 July 2017 14:15
To: [log in to unmask]
Subject: Re: [data-protection] DPO - where does it sit?
Interesting comment. What are you suggesting? That the DPO should never be an employee or that it's not possible to completely remove a conflict of interest?
Not the most practical of viewpoints to adopt, I have to say....
>-----Original Message-----
>From: This list is for those interested in Data Protection issues
>[mailto:data-
>[log in to unmask]] On Behalf Of Harvey Andrew (Western Sussex
>Hospitals)
>Sent: 11 July 2017 11:22
>To: [log in to unmask]
>Subject: Re: [data-protection] DPO - where does it sit?
>
>By being an employee there is an inherent conflict of interest, always.
>
>Kind regards,
>Andrew.
>
>
>Andrew Harvey AMIRMS
>Head of Information Governance
>GDPR Data Protection Officer
>Chair, Sussex-Wide Information Governance Group Western Sussex
>Hospitals NHS Foundation Trust Worthing Hospital, Lyndhurst Road,
>Worthing, BN11 2DH Tel 01903 205111 x84508 Mob 07900 736922 Email
>[log in to unmask] NHSmail [log in to unmask] If unavailable
>[log in to unmask] Is your Information Governance
>Mandatory Training up to date? If not, click here.
<snip>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
________________________________
"Please remember to switch off all lights, computers, monitors, printers and other non-essential electrical equipment"
[http://www.data.newcollegedurham.ac.uk/Marketing/mainimage.jpg]<http://www.newcollegedurham.ac.uk/news-events/9123/>
[http://www.data.newcollegedurham.ac.uk/Marketing/facebook_logo_black.jpg]<https://www.facebook.com/NewCollegeDurham> [http://www.data.newcollegedurham.ac.uk/Marketing/LinkedIn_black.jpg] <http://www.linkedin.com/company/new-college-durham> [http://www.data.newcollegedurham.ac.uk/Marketing/flickr.jpg] <http://www.flickr.com/photos/97010507@N02/sets> [http://www.data.newcollegedurham.ac.uk/Marketing/twitter_logo_black.jpg] <https://twitter.com/ncdofficial>
New College Durham, Framwellgate Moor Campus, Durham DH1 5ES
________________________________
This message is sent in confidence to the addressee only. It may contain confidential or sensitive information. The contents are not to be disclosed to anyone other than the addressee. Unauthorised recipients are requested to preserve this confidentiality and to advise us of any errors in transmission.
________________________________
"PLEASE DO NOT PRINT THIS EMAIL UNLESS STRICTLY NECESSARY"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|