Austria:
DPO's Conflict Of Interest Results In 500k GDPR Fine
03 October 2022
Schoenherr Attorneys at Law
Most Popular: Article Austria, October 2022
To print this article, all you need is to be registered or login on Mondaq.com.
The Berlin Commissioner for Data Protection and Freedom of
Information (Berliner Beauftragte für Datenschutz und
Informationsfreiheit, "BInBDI") has imposed a fine of
525,000 euros on the subsidiary of a Berlin-based e-commerce group
due to a conflict of interest concerning the company's Data
Protection Officer. The company had appointed a DPO who, in their
role as a DPO, had to "independently oversee" the
company's data protection decisions. However, the same DPO was
also the Managing Director of two service companies that processed
personal data on behalf of the very company for which they served
as DPO. In other words, they oversaw data protection decisions that
they themselves had made in another capacity. The fine is not yet
legally binding (the German press statement of the BInBDI can be
found here).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from Austria
Metaverse As A Business
KP Law
Noting that the metaverse will not be built overnight by a single company, Meta said that many of the products to be designed for Meta's concept will only be fully realized within the next 10-15 years.
Regulating Cybersecurity Across The EU And The UK
McDermott Will & Emery
On November 28, 2022, the Council of the European Union formally adopted the Network and Information Security 2 Directive (NIS 2 Directive), replacing the current NIS Directive (Directive 2016/1148/EC).
Better Late Than Never: Slovenia Last EU Member State To Adopt GDPR Implementing Act
Schoenherr Attorneys at Law
On 15 December 2022, the Slovenian Parliament finally adopted the Data Protection Act (Zakon o varstvu osebnih podatkov, ZVOP-2, "ZVOP-2"), a national law implementing the EU General Data Protection Regulation ("GDPR"). The act had been several years in the making, with the earliest draft released for public consultation back in 2017.