
GDPR Compliance: Should CISO Serve as DPO?
2020-02-14 14:18

A joint report by the International Association of Privacy Professionals and Ernst & Young, published last year, revealed inconsistencies in how companies are implementing the DPO role, including whether the CISO also serves as DPO.

While some say it's appropriate for CISOs to serve as DPOs because the roles complement each other, others argue the DPO position should be separate.

"The DPO has to perform a balancing act in an organization," says Gregory Dumont, who serves as DPO as well as CISO at U.K.-based SBE Global, a provider of repair and after-sales service solutions to the electronics and telecommunication sectors. "He has one foot in the organization, one hand holding the data subjects' interests, one hand holding the supervisory authorities, and another foot elsewhere since he has to be independent."

"Ideally, a DPO function should be independent of all functions," says Rob Masson, CEO at U.K.-based The DPO Center, a data protection resource center.

Cathal Ryan, assistant commissioner at Ireland's Data Protection Commission, wrote recently that the DPO position is akin to that of in-house counsel because the DPO must be independent and raise privacy issues with the highest level of management.


News URL

https://www.inforisktoday.com/gdpr-compliance-should-ciso-serve-as-dpo-a-13722