1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data.

Presentation transcript:

1 The Data Protection Officer at work Experience, good practices and lessons learnt Pierre Vernhes – former DPO at the Council of the EU Workshop on Data Protection European Parliament - Brussels - 8 June 2011

2 The views expressed are solely those of the writer and may not be regarded as stating an official position of the Council

3 Contents
- DPO Duties
  - Main tasks
  - Best practices
  - p.m.: External cooperation
- Internal cooperation
  - Authority and controllers
  - Other services
    - Examples of possible contributions from IT service and from internal audit
  - Data subjects
  - Staff Committee
- Conclusion

4 Overview
To carry out his mission, i.e. to ensure in an independent manner the internal application of the Regulation:
- DPO has no real powers of enforcement BUT the power to influence and efficient means are also available to him
- DPO is a key player in ensuring that EU institutions respect their Data Protection obligations BUT is very unlikely to succeed alone

5 DPO Duties: Main tasks (1)
- providing information and raising awareness on Data Protection
- ensuring that controllers and data subjects are informed of their rights and obligations
- providing the institution/body with recommendations and advice
- assisting data subjects, e.g. by examining questions submitted to him, by handling requests for investigation, by bringing together data subjects and controllers

6 DPO Duties: Main tasks (2)
- monitoring of compliance: notification procedure, access to information and premises, investigations…
- keeping a register of processing operations notified to him
- cooperating with the EDPS and the DPOs
- notifying the EDPS of processing operations likely to present specific risks (Article 27)

7 DPO Duties: Best practices
- promoting a “data protection culture” within the institution (intranet website, booklets, training, recommendations, events)
- developing from the outset an appropriate IT system to manage the inventory of processing operations and to keep the register of notified processing operations
- submitting an annual report and a work programme
- keeping informed and involved in relevant internal discussion groups or committees (IT security, public procurement, organisational changes)
- cooperating with internal and external stakeholders

8 External Cooperation
[Diagram: DPO, Other DPOs, EDPS]

9 Internal cooperation
[Diagram: Data Protection Officer, Data subjects, Staff Committee, Other services, Authority and controllers, Data Protection Contact persons]

10 Cooperating with the Appointing Authority and with controllers
- advising the Appointing Authority on the data protection aspects of its intended measures, e.g. by making recommendations
- ensuring that controllers are informed of their obligations
- contributing to supervision of the processing operations, e.g. through the notification procedure

11 Cooperating with other services
- requesting legal opinion from the Legal Service / Officer, e.g. when data protection issues also involve the application of other legal instruments (Staff Regulations, Financial Regulation, Security Regulation)
- calling on experts' services or advice (IT service, Infosec, Security)
- requesting assistance from other specialised services (IT development role in implementing Privacy by Design, Internal Audit contribution to verification of compliance)

12 Possible contribution from other services: example 1 - IT development
IT Project leader could assist the IT system owner, e.g. in
- recalling, taking into account and implementing DP principles at the functional analysis stage (purpose, data quality, access rights, security, blocking, erasure and other mechanisms for exercise of rights)
- recalling the need to open a notification file and to prepare it at the earliest stage
- taking into account delays involved in prior checking where applicable
- verifying existence of notification to DPO and information to data subjects prior to implementation of any new IT system processing personal data … with possible blocking procedure

13 Possible contribution from other services: example 2 - internal audit (IA)
In the course of its regular audits, IA could carry out checks or assess risks related to DP obligations, e.g.
- notification to DPO (Article 25)
- information to be given to data subjects (Article 11 and Article 12)
- processing of “sensitive” data (Article 10)
- transfer of data to 3rd country (Article 9)
- instructions to staff for processing data (Article 21)
- management of access rights (Article 22)
- security measures (Article 22 and Article 23)
- follow-up given to the EDPS opinion (Article 27)

14 Cooperating with data subjects
- processing operations often concern staff
- answering requests for consultation or investigation
- directing them to the relevant controller
- assisting them in case of difficulties in exercising their rights
- improving transparency of processing operations through the keeping of a Register

15 Cooperating with the Staff Committee - Differences in respective mandates
- Staff Committee has a general competence to represent the interests of staff vis-à-vis their institution (Article 9.3 of the Staff Regulation)
- DPO is an advisor and the internal guardian of the Data Protection Regulation for ALL parties (Article 24 of Regulation EC n° 45/2001)

16 Cooperating with the Staff Committee - Best practices
DPO
- answering requests for consultation or investigation
- informing on his activities (hearings, presentation of his annual report)
Staff Committee
- sharing information gained on data protection issues, e.g. by drawing attention to envisaged processing and possible difficulties
- proposing or supporting organisational measures which strengthen the DPO position

17 Cooperating with the Staff Committee - To be kept in mind!
- DPO advises ALL internal parties, in confidence if so requested
- DPO welcomes any information related to data protection but can only act on solid grounds and in accordance with the Data Protection Regulation
- instrumentalisation of data protection is likely to be counterproductive to the very interest of staff

18 CONCLUSION
The DPO is a key player in ensuring that the EU institutions respect their Data Protection obligations
BUT
He/she is very unlikely to succeed alone
Cooperation with other stakeholders is fundamental

19 Thank you for your attention !