Belgian DPA recommends taking 13 steps now

The Belgian DPA (hereafter referred as CPP, to reflect its official name, Commission for the Protection of Privacy) has issued GDPR-preparation recommendations in the form of 13 guidelines for companies processing personal data. The English-language summary below is taken from a law-firm website (link) (the originals were issued in French (link) and Dutch (link) only).

The good news is that the CPP has now set some priorities, giving data controllers and processors an idea of what the auditors will be looking for in the early days after the GDPR’s effective date. The bad news, at least as I see it, is not only is the guidance mostly vague, but also that there seems to be an embedded assumption that all of this is feasible within a short time frame. Continue reading “Belgian DPA recommends taking 13 steps now”

Who wants to be a DPO?

Although the trend is not apparent at the time of this writing, I expect to see a lot of listings for positions as DPOs (data protection officer) in the near future. If you’re being considered for such a position, I assume you are familiar with the GDPR. Suppose you have an interview and get an offer; what should you consider before accepting the job? Specifically, are you willing to risk financial liability for it?  Continue reading “Who wants to be a DPO?”