|
Post by juthi52943 on Jan 4, 2024 10:31:43 GMT 1
The CNIL also provides other situations indicating a conflict of interest, in principle, a representative of a data controller or processor that is not established in the EU cannot be appointed as data protection officer for that organization, as this would constitute a conflict of interest. The CNIL also raises the issue of whether a legal person can be both a processor and a personal data inspector in the same organization. The supervisory authority indicated that there is no automatic Job Function Email List prohibition for a service provider who is a processor to also be a data protection officer for its client. This may constitute a separate service for the client, which would not be carried out under the data controllers instructions. However, each time a decision in this regard should be preceded by. An analysis of a given case to see whether such a situation will undermine the independence of the IOD in the performance of his duties. This analysis should be part of the controllers and processors documentation. There may also be situations where it will be necessary to implement measures to guarantee such independence. However, in each case, the DPO, in order to be free from conflict of interest.
|
|