Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
General Data Protection Regulation (GDPR) ambiguity, national diversity and data protection officer certification: Implementing Art. 39(1) GDPR in France, Italy, Luxembourg and Spain
Journal of Data Protection & Privacy,
4
(4),
388-403
(2021)
Abstract
The General Data Protection Regulation (GDPR) of the European Union (EU) does not always make legally binding provisions with unambiguous implications. The implementation of Art. 39(1) GDPR regarding the certification of Data Protection Officers (DPOs) is left to the discretion of Member States. This paper will show what action has been taken by the national data protection authorities (DPAs) of France, Italy, Luxembourg and Spain. Insights gained from examining the four national frameworks, which are quite dissimilar in many ways, will be compared and contrasted. This will lead to a systematic and teleological interpretation, as well as to a more general discussion of GDPR ambiguity and the prospect of fragmentation through national implementation diversity. The paper will conclude with some thoughts on the need for controllers to invest in qualified staff to perform DPO roles, as well as some reflection on the human resources (HR) policies of DPAs.
Keywords: Data Protection Officer; European Union; European Economic Area; access to professional practice; General Data Protection Regulation; national implementation; uniform application of Union law; formal learning; nonformal learning; (professional) competencies; skills; validation; recognition; mobility; free movement
The full article is available to institutions that have subscribed to the journal.
Author's Biography
Jacob Kornbeck works in the European Commission, Youth Unit, where he is in charge of the Structured Dialogue with young people, relations to the European Youth Forum, EU Presidencies and the Council of Europe, while also providing data protection advice related to the running of the Youth Unit’s databases with online registration tools (European Voluntary Service (EVS), European Solidarity Corps (ESC), European Commission Traineeship Office). Jacob has previously worked in the European Commission, Sport Unit, on data protection aspects of the anti-doping fight, and in the secretariat of the European Data Protection Supervisor (EDPS). In addition to various academic degrees (BSc, MA, PhD, LLM), he holds a Certificate for Data Protection Officers and other Data Protection Professionals from the European Institute of Public Administration (EIPA) in Maastricht.
