Belgian DPA fines organization for conflict of interest and negligence

The Belgian Data Protection Authority (DPA) imposed a fine of EUR 50,000 for noncompliance with the GDPR conflict of interest requirement. According to an analysis by Cordery Compliance:[1]

The Belgian DPA decided that although the [organization’s data protection officer (DPO)] had been sufficiently involved in the data protection processes referred to in this matter…, by appointing as DPO the person who was the director of the separate compliance, risk management and audit departments, the organisation was non-compliant with the requirement to ensure that its DPO had no conflicts of interest. According to the Belgian DPA, there was no possibility of independent supervision by the DPO of each of these three departments, and the accumulation of these functions could lead to insufficient guarantees of secrecy and confidentiality towards employees….

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field