Financial Regulation duplicateJune 18, 2018
The European Parliament has published a corrigendum to the GDPR Regulation.
For further information on any of the issues discussed in this publication please contact the related contact(s) on this page.
Perhaps surprising given that its implementation date is now only four weeks away, the European Parliament has published a corrigendum to the GDPR Regulation.
While the majority of the changes made to the GDPR simply clarify the existing text, it is worth noting that the corrigendum revises Article 35 of the GDPR which relates to the requirement to appoint a data protection officer (“DPO”) in certain circumstances.
In particular, while the original text of the GDPR indicated that it was necessary for a data controller or a data processor to appoint a DPO where its core activities involved the processing on a large scale of (i) special categories of personal data and (ii) personal data relating to criminal convictions and offences on a large scale, the corrigendum has revised this text to provide that a DPO must be appointed where it processes either category of personal data on a large scale, meaning that a larger number of organisations may now be required to appoint a DPO. In particular the potential impact of this requirement on regulated entities such as funds, fund service providers and investment firms will need to be carefully assessed.
A copy of the corrigendum is accessible here. For a fuller discussion on the role of the DPO, see our linked analysis.
If you have any questions relating to implications of the corrigendum for your organisation, please contact your usual contact at Dillon Eustace, Dublin.
Dillon Eustace - May 2018
