Announcements
Voting is now open!
Members, make your selections in the annual (ISC)² Board of Directors election. Vote Now! Voting is open until Sept. 22.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ThierryN
Newcomer I

Potential conflict of interest

Hello, 

 

A managed service provider (this company manages the IT infrastructure of their customers) proposes my services to these customers as DPO.

As this service provider can clearly be considered as the processor of its customers, do I face potential conflict of interest in case I play the role of DPO on their name ?

 

Thanks,

Thierry

2 Replies
Laurie-Anne
Newcomer I

Re: Potential conflict of interest

Hi,

 

It is not clear what is your relationship to the processor.

 

If you have any say in the way the data is processed, there is potentially a conflict of interest.

 

Controllers and Processors can agree on a shared DPO, or Controllers can agree to "use" the DPO of a Processor; as long at the DPO fits in the requirements for that position (independance, budget, training...).

flyingboy
Newcomer III

Re: Potential conflict of interest

GDPR allows the concept of 'Outsourced DPO'. Before you consider the potential conflict of interest, do the controller, processor or customer recognise that they need to ensure that the designated DPO does not receive any instructions regarding the exercise of those tasks referred in Article 39? He or she shall not be dismissed or penalised by the controller, processor or customer for performing his tasks. The DPO shall directly report to the highest management level of the controller or the processor or the customer.

 

If the managed service provider and its customers understand the above-mentioned, your managed DPO service contract will need include these as well as other tasks and duties fulfilled without any conflict of interest where there will be consequences.