Can a CEO, managing director or other internal personnel take on the additional role of DPO?

The Berlin Authority published case law on the DPO requirements and the risk of a conflict of interest arising from the DPO's dual position.

In this case, the person was simultaneously the managing director of two service companies that processed personal data on behalf of the company for which he was also acting as data protection officer. These service companies are also part of the group; they provide customer service and execute orders.

The investigation found an alleged conflict of interest concerning the DPO's employment status and decision-making responsibilities that violated Article 38(6) of the GDPR.

“Companies should avoid any dual and significant roles for the company DPOs in corporate structures for conflicts of interest,” says Brozio.

This applies when there are joint responsibilities between the group companies (holding a managerial position and being DPO at the same time).

Relevant detail: the Supervisory Authority initially issued a warning against the company in 2021. After a renewed review this year revealed that the violation continued despite the warning, the fine was imposed.

