Cookie banner frustration

The European Commission has proposed new regulations that would limit the way companies track users on the internet.

Part of that plan would see the removal of website banners that provide disclaimers on cookie policies and instead have the user’s browser preferences automatically apply to each site they visit. In addition companies will need to get explicit consent from a user before being allowed to track their online activities.

If passed, the new rules will come into effect by May 2018.

Read more… (opens in a new tab)

Do I need to appoint a Data Protection Officer to comply with the GDPR (General Data Protection Regulations)?

Not necessarily, but you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR and so you can appoint a data protection officer (DPO) if that helps you meet this criteria.

The GDPR says that they should have professional experience and knowledge of data protection law. This should be proportionate to the type of processing your organisation carries out, taking into consideration the level of protection the personal data requires.

Public authorities (except for courts acting in their judicial capacity) are required to appoint a data protection officer (DPO), as is any organisation carrying out large scale systematic monitoring of individuals (for example, online behaviour tracking); or carrying out large scale processing of special categories of data or data relating to criminal convictions and offences.

The DPO’s minimum tasks are defined in Article 39:

  • To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
  • To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits.
  • To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).

You must ensure that:

  • The DPO reports to the highest management level of your organisation – ie board level.
  • The DPO operates independently and is not dismissed or penalised for performing their task.
  • Adequate resources are provided to enable DPOs to meet their GDPR obligations.


The role of DPO can be allocated to an existing employee. As long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests. You can also contract out the role of DPO externally.

How can Crimson Crab Help?

 

 

Crimson Crab talking about GDPR on 93.7 Express FM

The rules are changing on data protection, if you want to find out more, Rob from Crimson Crab will be talking to Miles Hensen on 93.7 Express FM’s Business Programme at 7pm on Thursday 29th June 2017.

wp-1474501850447.jpeg

Many thanks to Reputation Advocate Lorna Jackson of Advance & Get Noticed for arranging this.