Conflict of interest of data protection officers
The subsidiary of an unnamed e-commerce group received a fine because its data protection officer had a conflict of interest.
The employee who was appointed as data protection officer by the recipient of the fine was also managing director at 2 other companies belonging to the same group. His task was to review the activities of the two companies with regard to data protection. But that also meant that he would have had to review his own decisions. This constituted a violation of the provision of the GDPR that data protection officers must be able to perform their role free of conflicts of interest.
In 2021, the BlnBDI had already warned the company about this incident, but the recipient of the fine had not remedied the data protection violation. The penalty notice is currently not yet legally binding.
Decision date:
20.09.2022
Country:
Germany
Type of violation:
inadequate data protection
Affected records:
unknown
Was sensitive data affected?:
No
Fine imposed:
€ 525,000,-
Violation of GDPR Paragraph:
38. Position of the data protection officer
Source:
Press release of the BlnBDI