The European Data Protection Board, the EDPB, has now launched a coordinated action to examine the role and position of data protection officers. 26 data protection authorities in Europe will be involved in the action.
According to the General Data Protection Regulation (GDPR), public authorities and certain businesses are obliged to appoint a data protection officer (DPO). The role of the DPO is to contribute within the organisation to the compliance with data protection legislation and to promote effective protection of individuals’ rights.
The EDBP has now launched a coordinated action to assess whether the DPOs have the role and position required by Articles 37-39 GDPR and the resources needed to carry out their tasks. The coordinated action involves 26 European data protection authorities, including the Swedish Data Protection Authority (IMY).
Each national data protection authority chooses whether the coordinated action should be carried out, for example, in the form of a survey or a supervision.
IMY plans to perform supervision against a number of organisations as its part of the coordinated action. This work is currently in the planning stage and IMY will provide more information once this initial work is done.
The results of the national measures will be aggregated and analysed to provide deeper insights into the topic and allow targeted follow-up at EU level. The EDPB will publish a report of this analysis.
This is the second coordinated action implemented by the EDPB. The first measure concerned a joint inquiry into the use of cloud services by public authorities.
For further information:
- Swedish SA: Samordnad undersökning av dataskyddsombudens roll (SV)
- Press releases by the EDPB and other national data protection authorities on joint supervision