Last week, we held the 13th Data protection officers’ academy. It was the first academy to be held online, which in itself was a very different yet exciting experience.
During the academy, we discussed:
Tasks that shall be appointed to DPO under the GDPR.
General principles of DPO's status and daily activity together with practical examples on assessing potential data protection compliance risks, handling data breaches and data subjects' request, performing GDPR compliance audits, monitoring other personal data concerning procedures at organizations and others.
Insights on how to understand data protection sources and how to use them while performing DPO functions.
Main steps that DPO should take in order to improve organisation's compliance with GDPR (including adopting necessary internal procedures, preparing GDPR compliance documents, assisting with IT solutions, etc.).
Our colleague Raminta Matulytė finalised the academy with introduction of the aspects of imposing GDPR fines, which DPOs should always be aware of:
Fine is one of the compliance encouragement tools employed by GDPR, aimed at unifying the fine mechanism throughout the EU.
The practice of imposing fines is a dynamic process, and the precedents are changing rather frequently, therefore, DPOs should always be up to date with the newest case-law across the EU.
Fines are always imposed individually, taking all circumstances of the case into account. Factors that may be considered are listed in Art. 83 of GDPR.
The fine is not the measure to be imposed in all GDPR infringement cases. Alternative measures include but are not limited to: (i) requirements to adapt data processing to the requirements, (ii) ban on data processing altogether, or (iii) a reprimand.
We thank all the participants of the academy. We are hoping to see you in our future events!
