Backup and Storage

EU data protection officers ‘could be exposed to conflicts of interest’

People tasked with protecting data could be leaving it vulnerable to leaks.

People tasked with data protection at various organistions linked to the European Union could be failing to protect sensitive information because of conflicts of interest.

This is the suggestion of a new report published by the European Data Protection Supervisor (EDPS), after it questioned staff at the European Commission, the European Parliament, the Court of Justice of the European Union and the European Anti-fraud Office.

It warned that this could especially be the case when officers only fulfil their roles on a part-time basis.

The EDPS acknowledged that it is important for Data Protection Officers (DPOs) to have a good understanding of their administration centres and how their institutions operate.

But it added: "However, EU institutions and bodies should be careful to avoid any conflict of interests between DPO duties and any other official duties."

"In particular, part-time DPOs should not act as data controller in their primary activity."

It was not specified exactly what these conflicts could involve, but it implies that staff may not be dedicated to keeping information confidential.

According to the polls, 55 per cent of DPOs are currently ‘temporary agents’, while 15 per cent are ‘contractual agents’ and only five per cent are in full-time positions within their organisations.

Concern was also expressed regarding the high turnover seen among DPOs, with more than half having served less than two years in their current roles. This could lead to problems if there are negative feelings towards employers and the employee chooses to take sensitive data with them when they leave.

The European Commission recently proposed reforms to EU data protection laws that could see almost all organisations required by law to appoint a DPO, rather than just those linked to the EU.

However, information law experts Amberhawk Training recently claimed that the UK is opposed to such as singularly applicable regime, Out-Law reported.

Employing secure online document storage services and making confidential information available to only selected individuals could be one way of keeping data safe.