Giangiacomo Oliv writes:
Under the General Data Protection Regulation (GDPR), companies that process large amounts of sensitive personal data or consistently monitor data subjects on a large scale will be required to appoint a data protection officer (DPO).
As discussed in our previous posts, the DPO will have significant responsibilities, including reporting on data to the highest management level. While the DPO debate has so far been focussed on where to place the DPO within company structures, confusion remains over the DPO’s actual responsibilities.
Firstly, the GDPR does not provide for any specific liability for the DPO. However, the Art. 29 Working Party addresses this issue in its Guidelines on Data Protection Officers of 13 December 2016.
Read more on DLA Piper Privacy Matters.