The Belgian Data Protection Authority has decided on the role of the Data Protection Officer, and potential conflict of interest.

Proximus SA has been fined €50,000 for appointing its Head of Compliance, Audit and Risk as Data Protection Officer (DPO).

The role as DPO is well described in the GDPR and the Belgian decision makes it clear that a DPO should not wear to many hats.

GDPR itself already assign the role of both advisor and auditor to the DPO, and to also add decisionmaker and executioner is not only inappropriate, it is also very costly.

We did mention this problem in a webinar earlier (swedish only, sorry)

The Belgian decision: