You Say Tomato, I Say Shut Up by Annabelle Gurwitch and Jeff Kahn - Excerpt
You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint...
Transcript of You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint...
![Page 1: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/1.jpg)
Building Digital Trust:Establishing an Ecosystem of Trust
and Protection in the Digital Age
November 9–11, 2016
You say tomato, I say tomato…the Role of the Chief Privacy Officer in 2020
![Page 2: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/2.jpg)
2
TheEvolutionoftheCPO
Was Is WillBe
• Compliance• Administration• Sector-focused
• Regulatedbusiness• Peripheral
• Privacy• DataProtection• DataEthics
• DataMonetization• Relationshipbetween
individualandorganizations
![Page 3: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/3.jpg)
3
• The controller and processor shall appoint a data protection officer (DPO) where their core activitiesconsist of processing operations that require regular and systematic monitoring of data subjects on alarge scale
• The DPO will monitor compliance with the regulation, provide advice on data protection impactassessments and act as the contact point for the supervisory authority
• Data subjects may contact the DPO with regards to the processing of their data and the exercise of theirrights under the GDPR.
• The DPO shall not receive instructions regarding the exercise of their tasks
• The DPO shall directly report to the highest level of management of the controller or processor.
ImpactofGDPR
GDPRDPO
![Page 4: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/4.jpg)
4
PrecedentsandParallels
• Mostdirectprecedent• Pay-off:lessadmin,accept
theDPOasarepresentativeoftheDPA
• CPO/DPOcanbeoneperson;“theinterestsofthedatasubjectandthefirmshouldbealigned,sowhyisthisabigdeal”?
• MoneyLaunderingReportingOfficers:dutytoreport
• USSanctions- Monitors
• SouthAfricanombudsman:independentroleinbank,annualreport
• UKombudsman:entirelyseparatetoin-housecomplaints,onusonFOS
• UK:s.166
• Lifesciences– ethics,quality,safety
• Media:NewspaperOmbudsman
• Listedfirms:Whistleblowerhotlines,InternalAudit
GuidancefromRegulators?InteractionofDPO/DPA?Localvariation?
ThirdPartyProvision?LiabilityofDPO?ScarcityofResource?
Other
![Page 5: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/5.jpg)
5
PredictingtheFuture
• Enhancedpowers
• Increasedfunding
• Higherprofile
• Administrator/Ombudsman
• Avoidedbybusiness/management?
• NewDPOrole
• Newdiscipline,culture,skills
• CPOevolvesawayfromDPO
• NewDPOrole
• Closeinteraction
• Healthytension
CPO/DPO CPO+DPO
CPO+ RegresstoDPO DIVERGE PARALLEL
Consequencesfor:
![Page 6: You say tomato, I say tomato - s3.amazonaws.com · 3 • The controller and processor shall appoint a data protection officer (DPO) where their core activities consist of processing](https://reader033.fdocuments.net/reader033/viewer/2022042220/5ec6fa18fd2f10493e095b86/html5/thumbnails/6.jpg)
Building Digital Trust: Establishing an Ecosystem of Trust and Protection in the Digital Age