top of page

Data Governance Under the GDPR: Are DPOs the Best Solution?

Updated: Sep 26, 2019

Carol Tullo, OBE, TTB's EU counsel and senior advisor, will be a panel member at Eurim Digital Policy Alliance's event on Tuesday April 30th in central London from 3pm - 5pm Central London Followed by Networking Drinks Reception

Good data governance is the sine qua non of the GDPR and the UK Data Protection Act 2018. Is the introduction of statutory Data Protection Officers (DPOs) the best means to achieve that objective? We have the Information Commissioner’s guidance on the legal expectations as to when DPOs are mandatory. But what do the organisations (particularly the Directors, who retain personal liability for corporate policy and implementation) expect of their DPOs, and what are the most effective types of DPO organisations? Where DPOs are optional, are they the best solution, and if not, what are the alternatives?

The panel discussion will aim to explore the benefits and drawbacks of different ways of handling the division of labour in relation to data governance, data protection and compliance, including the DPO role.

Following a scene-setting overview provided by Matthew Kirk, Senior Advisor at SPB, the discussion will be led by Lord Erroll. Jonathan Bamford, Director of Strategic Policy (Domestic) in the Information Commissioner’s Office, will give the key note presentation.

A panel discussion will follow, including: Carol Tullo OBE, Senior Associate and Legal Counsel, The Trust Bridge; Annette Demmel, partner at SPB and currently acting as an external DPO for various companies in Germany (where the DPO concept was invented) and Asli Yildiz, Head of Legal, The DMA Group.

The panel will engage in an interactive discussion of the issues with active audience participation.

Key topics for discussion will include:

• How best to optimise a company’s organisation to achieve good data governance?

• How to decide whether a DPO is required by law? What to do if not?

• Where DPOs are not mandatory, what alternative options are emerging?

• Where DPOs are mandatory, what are pros and cons of external versus internal DPOs?

• What is expected of the DPOs/Chief Policy Officers (CPOs) in their day-to-day work?

• How does the DPO role differ from that of other data governance stakeholders within the organisation?

• How should a company avoid or minimise the risk of DPO conflicts of interest within the organisation?

• DPO liability and insurance – what are the key issues?

• What skill sets and experience are critical for DPOs or the equivalent, and does this depend on the company’s characteristics (B2B, B2C, data rich, etc.)?

• How to break down silos and build bridges amongst key stakeholders involved in data governance (e.g., legal, IT, CISO, business unit leads, etc.)?

• What are the lessons learnt so far (pre- and post-GDPR)?

To register your interest in attending this event, please email by 25th April 2019.


bottom of page