Code of conduct regarding the independence of the DPO

Code of conduct regarding the independence of the DPO

Blogs

Ethics Working Group

In December 2018, the members of the Ethics Working Group of the DPO of Duthler Academy, in collaboration with Duthler Associates, published the Code of Conduct for Data Protection Officer (DPO). This took the lead in drawing up rules of conduct for the professional group to support the DPO in his daily practice. A practice in which the DPO is regularly confronted with dilemmas.

The working group is open to criticism and would like to have a discussion.

The rules of conduct are based on core values. The core value of ‘professionalism’ was discussed in the previous blog. In this blog we pay attention to the rules of conduct that are based on the core value ‘independence’.

What are the core value of independence?

The core value of “independence” is described in the Code of Conduct document as follows:

  • An independent position in the organization; the DPO deserves a place in the ‘governance’ of the organization, so that he / she is able to contact the board or management;
  • A combination of roles or tasks is only possible if the secondary tasks do not give rise to conflicts of interest with the tasks of the DPO. Whether this is the case must be determined on a case-by-case basis. The European Data Protection Board has emphasized that the DPO cannot perform a function that determines the purpose and means for the processing of personal data;
  • Ancillary positions can make the DPO vulnerable if these positions appear to be of conflicting interests; and
  • A DPO should not be consciously or unconsciously influenced by a reward. A general reward, such as a Christmas package that all employees in an organization receive, DPOs find acceptable. This has been shown in practice.

Code of conduct

Based on these core values, the following rules of conduct are described:

  • The DPO must avoid that his freedom and independence in the exercise of the profession could be jeopardized;
  • It is not permitted to grant the DPO any remuneration or commission, nor may the DPO receive them for assignments; and
  • The obligations of a DPO require independence, free from all pressure, especially with regard to personal interests or outside influence.