With the entry into force of the GDPR (a law which protects personal data) on 25 May 2018, many companies are required by law to employ a Data Protection Officer (DPO) or to engage an external DPO. Some of the duties carried out by a DPO are:
• Being responsible for the general data protection strategy.
• Giving information and advising the firm about how to meet GDPR requirements.
• Acting as the first point of contact when government bodies carry out GDPR checks. This means the DPO must maintain data on actions taken relating to GDPR.
This means the DPO acts mainly as a consultant and compliance officer for the protection of personal data. But what happens if the DPO makes a mistake? Who protects them?
Firms appointing a DPO have two options:
• They can opt to appoint an employee as the DPO internally if the employee is qualified for the position.
• Or, the firm can choose to hire an external consultant as their Data Protection Officer.
The main difference between the two is where responsibility for their duties lies. An internal DPO is fully covered by the firm’s liability insurance. However, an external DPO can be held liable for any malpractice. In the section below, we set out briefly how the DPO can be covered against this.
First and foremost, it is important to know that if a firm does not comply with the GDPR, the DPO cannot be held to bear ultimate responsibility. In such cases, the liability rests fully with the firm.
However, the Data Protection Officer must be protected in respect of duties that relate indirectly to the GDPR and for which clients may hold the DPO liable.
By taking out a professional indemnity insurance policy with the right data protection nuances, DPOs are protected against any intellectual malpractice when carrying out their activities.
A survey of various insurers showed the following examples of situations where professional indemnity insurance can step in to protect a DPO. Please note that these cases are examples. Each case is different and is reviewed and assessed individually by the relevant experts.
• The DPO holds various important data on a customer's data processing and loses it.
• The customer suffers a financial loss due to wrong advice on the GDPR and data processing.
• The DPO develops an entire software system for data processing, and the customer loses data during a software upgrade.
Whether you are already a Data Protection Officer or plan to expand your activities and would like some advice on how to best protect yourself, feel free to contact us on +32 (0)3 217 67 53 or email@example.com. We’ll be happy to help.