Library and Information Service ›› 2019, Vol. 63 ›› Issue (2): 144-152. DOI: 10.13266/j.issn.0252-3116.2019.02.016

• Overseas Observation •

EU Data Protection Officer: Responsibility, Impact and Enlightenment

Xiao Dongmei, Cheng Siwen

  1. Law School of Xiangtan University, Xiangtan 411105
  • Received: 2018-06-09 Revised: 2018-08-06 Online: 2019-01-20 Published: 2019-01-20
  • About the authors: Xiao Dongmei (ORCID: 0000-0001-7611-2058), dean, professor, researcher at the Collaborative Innovation Center for Building a Rule-of-Law Hunan and Regional Social Management, E-mail: 86650210@qq.com; Cheng Siwen (ORCID: 0000-0002-7589-1763), master's student.
  • Funding:
    This paper is one of the research outcomes of the National Social Science Fund of China key project "Research on the Legal Guarantee System for the Security of Digital Academic Information Resources in the Cloud Environment" (project No. 14AZD076).

Abstract: [Purpose/significance] The data protection officer (DPO) system in the EU's new data protection regulation (GDPR) has attracted considerable attention. Tracing the evolution of the DPO system, analyzing how DPOs are designated and what their specific responsibilities are, and examining the implementation and impact of the EU DPO system matters not only for Chinese enterprises' trade with Europe but also as an important reference for building the relevant system of rules in China. [Method/process] A review of the GDPR provisions on the DPO and the related texts shows that data controllers or processors should designate a DPO in the three cases specified by the GDPR. The DPO's responsibilities include informing and advising the data controller's relevant staff, monitoring the compliance of data processing, liaising with data subjects, cooperating with the supervisory authority, recording and archiving data processing activities, training, and confidentiality. [Result/conclusion] Designating a DPO has a far-reaching effect on ensuring data controllers' compliance and on reducing the burden on the supervisory authority. For Chinese enterprises and institutions, the lesson of the EU DPO system is that a DPO should be designated according to the provisions of the GDPR and a complete data protection supervision process should be designed as soon as possible. For data protection supervision and mechanism building in China, the lessons are to stipulate clearly that data controllers must establish dedicated data protection posts staffed by professionals, to hold non-compliant data controllers accountable and penalize them accordingly, and to strengthen the data supervisory authorities.

Key words: data protection officer, personal data protection, compliance
