EU Data Protection Officer: Responsibility, Impact and Enlightenment

  • Xiao Dongmei ,
  • Cheng Siwen
Expand
  • Law School of Xiangtan University, Xiangtan 411105

Received date: 2018-06-09

  Revised date: 2018-08-06

  Online published: 2019-01-20

Abstract

[Purpose/significance] The data protection officer (DPO) in the new regulation of EU data protection(GDPR) has attracted considerable attention.Tracing the evolution path of DPO,analyzing the settings and specific responsibilities of it. Studying on DPO system is not only related to trade between China and Europe, but also an important reference for the construction of relevant rules system in China.[Method/process] By teasing out the terms of DPO in the GDPR and related texts,in the three cases specified by GDPR, the data controllers or processors should set up DPO.The responsibilities of the DPO include that informing and advising to the data controller's relevant staff, monitoring the compliance of data processing, contacting with data subject, cooperating with the supervisory authority, maintaining records and documentation of data processing, training, and confidentiality obligation.[Result/conclusion] Setting up DPO has far-reaching influence on ensuring the compliance of data controllers and reducing the burden of the supervisory authority. The enlightenment of DPO for Chinese enterprises or institutions is that DPO should be set up according to the provisions of GDPR, and a complete data protection supervision system should be designed as soon as possible. As for the data protection supervision system and mechanism construction in China, it should be clearly stipulated that the data controllers have to set up special posts and professionals for data protection, and investigate and punish non-compliant data controllers with corresponding responsibilities. Meanwhile the construction of data supervisory authority should be strengthened.

Cite this article

Xiao Dongmei , Cheng Siwen . EU Data Protection Officer: Responsibility, Impact and Enlightenment[J]. Library and Information Service, 2019 , 63(2) : 144 -152 . DOI: 10.13266/j.issn.0252-3116.2019.02.016

References

[1] 肖冬梅. 在全球数据洪流中筑牢数据边疆[N]. 中国社会科学报,2016-11-10(1).
[2] 高富平. 个人数据保护和利用国际规则:源流和趋势[M]. 北京:法律出版社,2016.
[3] LACHAUD E. Certification of data protection officers should be regulated[EB/OL].[2018-05-10]. https://ssrn.com/abstract=3176471 or http://dx.doi.org/10.2139/ssrn.3176471.
[4] MIGUEL R. Data protection officer:the key figure to ensure data protection and accountability[J].European data protection law review,2017,3(1):114-118.
[5] 王融.大数据时代:欧盟能否重建数据保护新秩序[J]. 中国信息安全, 2016(1):125-127.
[6] 张敏, 马民虎. 欧盟数据保护立法改革之发展趋势分析[J]. 网络与信息安全学报, 2016, 2(2):8-15.
[7] 李欣倩. 德国个人信息立法的历史分析及最新发展[J]. 东方法学, 2016(6):116-123.
[8] CEDPO.Comparative analysis of data protection officials role and status in the EU and More-I[EB/OL].[2017-05-19].http://www.cedpo.eu/wp-content/uploads/2015/01/CEDPO_Studies_Comparative-Analysis_DPO_20120206.pdf.
[9] MoJ wants obligation to appoint data protection officers scrapped from EU reform proposals.[EB/OL].[2017-04-11].https://www.out-law.com/en/articles/2013/january/moj-wants-obligation-to-appoint-data-protection-officers-scrapped-from-eu-reform-proposals/.
[10] ANGELIQUE C. Where should the new mandatory DPO sit?[EB/OL].[2017-01-21].https://iapp.org/news/a/where-should-the-new-mandatory-dpo-sit/.
[11] European Parliament and of the Council. European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)[EB/OL].[2017-07-20].http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0212.
[12] 中国商业电讯.欧盟GDPR留给中国企业的时间不多了[EB/OL].[2017-03-15].http://www.sohu.com/a/124637983_115007.
[13] PAUL L. The data protection officer:profession, rules, and role[M].New York:Auerbach Publication,2016.
[14] HEIMES R,PFEIFLE S. Study:GDPR's global reach to require at least 75,000 DPOs worldwide[EB/OL].[2017-03-20].https://iapp.org/news/a/study-gdprs-global-reach-to-require-at-least-75000-dpos-worldwide/.
Outlines

/