On Wednesday, 17 January, the European Data Protection Board (EDPB) published a report in which it finds, despite the progress that has been made, that data protection officers—those responsible for protecting personal data within an organisation—still encounter too many obstacles to perform their jobs successfully.
The result of a survey conducted by 25 data protection authorities within the European Economic Area, the report criticises the fact that officers have “insufficient resources or expert knowledge”, the fact that they are sometimes not fully entrusted with the tasks required by the GDPR, their lack of independence, and even the fact that they do not report to senior management [according to a press release]. Moreover, the report points out that failure to appoint an officer within certain organisations, even though appointing one is compulsory, remains a major difficulty.
To remedy this, the findings of this second report on the subject stress that the resources allocated [to data protection officers] should be revised upwards and that data protection authorities should carry out “more awareness-raising activities, information and enforcement actions”. Furthermore, the report indicates that officers should be “given sufficient opportunities, time and resources to refresh their knowledge and learn about the latest developments”.
See the report: https://aeur.eu/f/ag2 (Original version in French by Thomas Mangin)