VGS corporate lawyers
London

+44 2039665531

Milan

+39 0250043613

  • Home
  • Who we are
  • Practice Areas
    • Company law
      • Setting up a company in Italy
      • Corporate governance
      • Bankruptcy
    • Debt Recovery & Credit Collection
    • Arbitration and Mediation
    • Contracts
      • Acquisition Finance
    • White collar crimes
    • Data protection and GDPR
  • People
    • Avv. Valentina Giarrusso
    • Avv. Flavia Di Pilla
    • Avv. Silvia Pellegrini
    • Avv. Giuseppe Ganci
    • Avv. Valentina Improta
    • Dr. Fabrizio Di Patti
    • Avv. Salvatore Fasciana
    • Dr. Yasine Ajlane
  • News & Blog

Data Protection Officer tasks and operation: Natural or Legal person?

  • by VGS' Editorial Board
  • 31 October 2019
  • Comments (0)

In the event a legal person carries out DPO services and tasks, such services shall effectively be delivered by an employee that is part of legal person’s organisation.

Decision No. 1468 of third section of Italian Administrative Court (Tar) deals with DPO designation and its legitimacy under the GDPR. In particular, a professional link between DPO service assignee and individuals who carry out the activity is needed.

Italian court decision has been based on Italian Guidelines on Data Protection Officers. In particular, previous guidelines explores the possibility of DPO services that are assigned to a legal person. In such case, it appears relevant the professional connection between the assignee and the individual who carries out the DPO activity. In fact, Italian Guidelines state that each subject included within assignee organisation shall fulfil the requirements of art. 4. of GDPR. Then, it is implicitly required that the physical person shall be part of assignee organisation.

In the present case, the assignee was unable to prove that the appointee was part of its organisation. On the contrary, the only – weak – professional connection was based on a proposal of appointment which has not been registered nor attached to any documentation.

Under these circumstances, DPO appointee shall always be part of assignee organisation with purpose of providing transparency and quality of DPO services.

  • DPO
  • GDPR
  • Privacy
  • Share:
Previous Article: Cookie Consent: Pre-ticked consent boxes fail under GDPR
Next Article Patient and personal data processing: lack of informed consent affects self-determination right

Practice Areas

  • Company law
  • Debt Recovery & Credit Collection
  • Arbitration and Mediation
  • Contracts
  • White collar crimes
  • Data protection and GDPR

Free Consultation

    Tags

    Airbnb Arbitration Artificial Intelligence Auditing Brexit Company Law Company Shares Consent Contracts Cookies Copyright Coronavirus Data DataProcessing Data Protection DPO European Union Eviction Free Title GDPR HealtData HouseHold Agreements Islamic Law Italian Bankruptcy Law Italian Company Law Italian Corporate Law Italian Criminal Law Italian Debt Recovery Italian Entry Visa Italian Intellectual Property Law Italian Legal Advice Italian Privacy Italian Tax Legal guide MedialTreatment Mediation Partnership Patient Personal Data Privacy Processing Research Startup Warranty White Collar Crimes

    Social Links

    • Facebook
    • Instagram
    • LinkedIn

    See also:

    VGS Lawyers

    VGS - Family Lawyers

    © Copyright 2021 | VGS Corporate Lawyers | All right reserved.

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy