


Comparative table of personal data protection officers in Europe
Version V1.0, up to date as of 29 Sept. 2009. We invite readers to send us their comments in order to complete this table (pg@pascalgelly.com).

Estonia Hungary Slovakia Malta Title Isikuandmete kaitse eest vastutav isik (Person responsible for protection of personal data) Creation / Effective date DPO 1.0: 2003 Belső adatvédelmi felelős (internal data protection officer) Dohľad nad ochranou osobných údajov (personal data protection official) Rapprezentant ta data personali / Data protection representative DPO 1.0: 1993 DP 1.0.: 2002 -- DPO 2.0: 2008 DPO 2.0: 2007 Number -- -- -- 111 DPO (list available on the Authority's website) Associations -- -- -- Legislation 27, 30 and 31 of the Isikuandmete kaitse seadus of February 15th, 2007 Articles 28 and 31A of the DP Act LXIII of 1992 (1992. évi LXIII. törvény a személyes adatok védelméről és a közérdekű adatok nyilvánosságáról) Mandatory / Optional Optional Mandatory for DC or data processors - in case of processing of data files of national authorities or of national labour or criminal data files - in financial institutions, - in telecommunications services providers, - in public utility services providers Legal advantages associated with the appointment of a DPO - simplification of procedures: mandatory registration of automated processing of sensitive data need not to be done Sections 19, 25, 29, 30 and 49 of the DP Act No. 428/2002 amended Mandatory - if more than 5 employees (if the DC fails to do so, a fine from SKK 30.000 to 3.000.000 can be imposed) Optional - if less than 6 employees -- - simplification of procedures: exemption from mandatory registration except for sensitive types of processing or when transborder data flows to non Sections 30 to 35 of the DP Act (Cap 440), ACT XXVI of 2001, as amended by Act XXXI of 2002 Optional - simplification of procedures: exemption from mandatory registration except when Authority prior checking is required (sensitivity)

adequate countries Role General Maintenance of a registry of processing Mandatory tasks - Monitor the compliance of the DC upon processing of personal data with DP and other laws. -- - Supervise observation of statutory provision in the processing of personal data (register) (register) (records) - available to anybody at request -- - contribute to or assist in making decisions related to data processing and to the enforcement of the rights of data subjects - monitor compliance with data protection requirements - investigate reports submitted to him, and call on the data controller or technical data processor to discontinue any unlawful data processing observed by him - draw up the internal data protection and data security rules - ensure the training of the staff in data protection - assess whether any danger of violation of the rights and freedoms of data subjects arises from their processing before commencement of the processing - notify the DC in writing (otherwise a fine up to SKK 100.000 can be imposed) without undue delay of any violation - supervise the fulfilment of the DC's basic obligations related to data protection - advise data subjects on their rights and obligations - determine and supervise the implementation of technical, organisational and personal measures (including the elaboration of Security Project or documents related to data protection) - supervise the selection of the processor (including draft of a written contract or written authorization for the processor) - Ensure that the personal data is processed in a correct and lawful manner and in accordance with good practice (register) - available to any person at request - Duty to report inadequacies to DC - Assistance to data subjects in the exercise of their rights - Paying notification fee to Authority on behalf of DC after payment by DC

Appointment Work conditions - supervise transborder data flows - notification to Authority of processing when required or maintenance of a documentation of processing if notification not required - ensure the processing of requests of data subjects related to the application of their rights -- -- -- -- Activity Report Optional tasks -- Qualifications -- - higher education degree in law, public administration or information technology, or equivalent qualification Internal / external... Formalities - lawyer: -- - legal entity: -- Notification to Authority upon appointment of DPO - lawyer: -- - legal entity: -- Notification to Authority (Prior to the DC commencement of activity) Independence -- Reports directly to the head of the DC or data processor - full legal capacity - meets the precondition of integrity (irreproachable citizen, who was not sentenced, by a final decision, for a deliberate crime or who was not sentenced to imprisonment without suspension: need an extract from the Criminal Register) - lawyer: -- - legal entity: no The DC may appoint several DPO Notification to Authority (without undue delay: at the latest within 30 days) - if the DC failed to enable, disturbed, frustrated or otherwise - lawyer: -- - legal entity: -- Notification to Authority --

Relations with the Authority obstructed the DPO's tasks, a fine from SKK 30.000 to 3.000.000 can be imposed - a legal representative of the DC cannot be DPO Status -- -- Status of the entitled person of the -- controller Means -- -- - The DC shall provide a -- professional training of the DPO (if the DC fails to do so, a fine from SKK 30.000 to 3.000.000 can be imposed) - the DC shall accept the DPO legitimate proposals Availability -- -- -- -- Notification of DPO appointment Contact of the Authority by the DPO Contact of the DPO by the Authority Shall include name and contact details - mandatory if the DPO informs the DC of a violation discovered upon the processing and if the DC does not immediately take measure to end the violation - mandatory if the DPO is in doubt as to which requirements are applicable to the processing of personal data or which security measures must be applied upon processing of personal data Shall include name and contact details (within 30 days) Shall include various information on the DPO including a statement on integrity -- - obligation of cooperation - mandatory if DPO informs DC of a violation and if DC fails to rectify the situation without undue delay -- -- -- -- - mandatory if DC has not rectified a violation asap after notice by DPO - mandatory consultation in case of doubt about how to apply the rules

Termination / Resignation of the DPO At the request of the DPA By the DC -- -- - the DPA is entitled to DC to appoint a different DPO if it is proven that DPO failed to fulfil or did not fulfil sufficiently his obligations, or assessed incorrectly or applied incorrectly in practice the rights and obligations imposed on the DC -- Notification of Authority -- -- Notification of Authority required required -- -- -- -- At the DPO initiative Liability -- -- - notification of deficiencies or requests by DPO to fulfil his obligations must not be a reason for DC to cause damage to DPO - administrative fine up to SKK 100,000 to DPO who failed to notify DC of violations or to notify the Authority if DC did not rectify the violation --

Table prepared by Me Pascale Gelly (Cabinet Gelly), assisted by E. Quillatre, on the occasion of the 5th Assises du Correspondant Informatique & Libertés (Paris, 10 June 2009).

Version up to date on September 29, 2009. We invite our readers to provide us with their comments in order to improve this document (pg@pascalegelly.com).

Glossary
Authority: Supervisory authority
DPO: Data Protection Official
DC: Data Controller
DP: Data Protection

Credits
We thank Pascale Gelly and Elisabeth Quillatre from Gelly's law firm for their preparation and drafting of this document.

Bibliography
Available English translations of national Data Protection Acts in Data protection Authorities' websites