The Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit, "BInBDI") has imposed a fine of 525,000 euros on the subsidiary of a Berlin-based e-commerce group due to a conflict of interest concerning the company's Data Protection Officer. The company had appointed a DPO who, in their role as a DPO, had to "independently oversee" the company's data protection decisions. However, the same DPO was also the Managing Director of two service companies that processed personal data on behalf of the very company for which they served as DPO. In other words, they oversaw data protection decisions that they themselves had made in another capacity. The fine is not yet legally binding (the German press statement of the BInBDI can be found here).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
