The ODPC issues guidance on appropriate qualifications for a Data Protection Officer (GDPR)

The Data Protection Commissioner's Office

The ODPC have recently issued guidance on the appropriate qualifications for Data Protection Officers in Ireland. Whilst some areas perhaps remain to be further clarified, it is unsurprising that interpretation of the GDPR with regard to the DPO doesn’t follow a completely rigid structure.

What is interesting is the added emphasis that the ODPC appear to be placing on levels of IT knowledge that may be required in certain cases.

So, whilst the Article 29 working party guidelines state that ‘the DPO should also have sufficient understanding of the processing operations carried out, as well as the information systems, and data security and data protection needs of the controller’, the ODPC guidelines use different language in describing the IT skills that may be needed by the DPO.

Their view is that in some instances ‘a DPO may need an expert level of knowledge in certain specific IT functions, international data transfers, or familiarity with sector-specific data protection practices such as public sector data processing and data sharing, to adequately perform their duties.’

The original Article 29 working party guidelines were very clear that a Head of IT shouldn’t be the DPO because of the potential conflict of interest. It would be very interesting to see how the ODPC would view an Irish company appointing someone who has the appropriate data protection training, knowledge and qualifications but happens to be the Head of IT (or anybody in IT who is involved in determining the means of processing data) as their DPO because they were the only person in a company with the required expert IT knowledge.

When you consider that the Bavarian data protection authority issued a fine to a company in 2016 because they had their Head of IT as DPO, it certainly looks like this could be one area where there are very different interpretations of who should be DPO depending on where you are in the EU.

You can view the guidelines here:

Article 29 Working Party Guidelines on Data Protection Officers

The Challenge - Wizuda Case Studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on single documents

The Solution - Wizuda Case Studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard, with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments where required, and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly.
