Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
General Data Protection Regulation (GDPR) ambiguity, national diversity and data protection officer certification: Implementing Art. 39(1) GDPR in France, Italy, Luxembourg and Spain
Journal of Data Protection & Privacy,
4
(4),
388-403
(2021)
Abstract
The General Data Protection Regulation (GDPR) of the European Union (EU) does not always make legally binding provisions with unambiguous implications. The implementation of Art. 39(1) GDPR regarding the certification of Data Protection Officers (DPOs) is left to the discretion of Member States. This paper will show what action has been taken by the national data protection authorities (DPAs) of France, Italy, Luxembourg and Spain. Insights gained from examining the four national frameworks, which are quite dissimilar in many ways, will be compared and contrasted. This will lead to a systematic and teleological interpretation, as well as to a more general discussion of GDPR ambiguity and the prospect of fragmentation through national implementation diversity. The paper will conclude with some thoughts on the need for controllers to invest in qualified staff to perform DPO roles, as well as some reflection on the human resources (HR) policies of DPAs.
Keywords: Data Protection Officer; European Union; European Economic Area; access to professional practice; General Data Protection Regulation; national implementation; uniform application of Union law; formal learning; nonformal learning; (professional) competencies; skills; validation; recognition; mobility; free movement
The full article is available to subscribers to the journal.
Author's Biography
Jacob Kornbeck since joining the European civil service in 1999, Jacob Kornbeck has been working in the Council Secretariat, in the European Commission and in the secretariat of the European Data Protection Supervisor (EDPS). He is currently a policy officer in the European Commission and an external lecturer at the German Sport University in Cologne. Besides various academic degrees (BSc, MA, LLM, PhD, Dr Phil), he also holds a certificate in data protection from the European Institute of Public Administration (EIPA) in Maastricht. Jacob is a member of the Board of the Journal of Data Protection and Privacy.
