Potential conflict of interest

ThierryN · ‎12-04-2017

Hello,

A managed service provider (this company manages the IT infrastructure of their customers) proposes my services to these customers as DPO.

As this service provider can clearly be considered as the processor of its customers, do I face potential conflict of interest in case I play the role of DPO on their name ?

Thanks,

Thierry

Laurie-Anne · ‎12-04-2017

Hi,

It is not clear what is your relationship to the processor.

If you have any say in the way the data is processed, there is potentially a conflict of interest.

Controllers and Processors can agree on a shared DPO, or Controllers can agree to "use" the DPO of a Processor; as long at the DPO fits in the requirements for that position (independance, budget, training...).

flyingboy · ‎12-04-2017

GDPR allows the concept of 'Outsourced DPO'. Before you consider the potential conflict of interest, do the controller, processor or customer recognise that they need to ensure that the designated DPO does not receive any instructions regarding the exercise of those tasks referred in Article 39? He or she shall not be dismissed or penalised by the controller, processor or customer for performing his tasks. The DPO shall directly report to the highest management level of the controller or the processor or the customer.

If the managed service provider and its customers understand the above-mentioned, your managed DPO service contract will need include these as well as other tasks and duties fulfilled without any conflict of interest where there will be consequences.