DPO and digital transformation. Comments on EU Council decisions

By | Saturday June 20th, 2015

The EU Council’s proposal for the Personal Data Protection Regulation approved on the 11th of June makes the DPO no longer mandatory for anyone.

What did it mean for the DPO to be mandatory in the previous versions of the forthcoming Personal Data Protection Regulation?

The digital transformation, or however you may call the big changes in our lives that technology is forcing, widely consists in a much deeper relation between service or product consumers and suppliers. The digital technology becomes so intimate to the product or service that data, which such technology deals with, become part of the contract, shared between consumer and supplier, owned, or almost owned, by both. Data that more and more frequently are personal data: location, bood pressure, friends…

If consumers’ personal data become assets of the suppliers it seems quite reasonable that also the rights associated with those data become part of the supplier organization, which is also in its interest.

So DPO could be seen as a piece of the digital transformation that helps to make it sustainable, a consequence of the fall of the wall between supplier and consumer, employee’s personal life and his professional duties.

Maybe it was too much ahead. Maybe it was to expensive, or too difficult to be properly defined, to be sustainable as a cost but anyway it is difficult to remove the idea that this is a step back.

Share with...Tweet about this on TwitterShare on LinkedInShare on Google+Share on Facebook
Category: Data Protection Officer Roles and Liabilities Tags: , , , ,

About Sergio Fumagalli

Vice President Zeropiu Spa, system integrator specialized in digital identity and data security with operations in Italy and in the Nordics. After serving as MP in the Italian Parliament, I started a professional collaboration with the Data Protection Italian Authority and a professional activity on these topics. Co-author of “Privacy guida agli adempimenti”, IPSOA, 2004, 2005 a book on compliance to the Italian Law. Since 2008 member of the Oracle Community for Security - http://c4s.clusit.it/views/Homepage.html - and since 2014 member of the board of Clusit a leader association on IT Security in Italy Between 2004 and 2012 member of the board of Webank Spa, the online banc of the Banca Popolare di Milano group.

One thought on “DPO and digital transformation. Comments on EU Council decisions

  1. Alessandro Vallega

    I would recommend companies to have a DPO in any case. It makes sense to have one. The company needs somebody to govern the data protection activities such as for example DP impact analysis and report to the authorities and to the board. The DPO shall be part of the incident management procedure and so on. The DPO is a good investment for compliance and data protection.

Leave a Reply