The Belgian Data Protection Authority (‘DPA’) has issued its decision to fine Proximus SA €50,000 for appointing its head of compliance, audit and risk as its Data Protection Officer (DPO). According to the DPA, this combination of roles creates a conflict of interest and therefore constitutes an infringement of article 38(6) of the GDPR.
For smaller companies having appointed a DPO who combines the role with other functions, this may prove to be a practical challenge that is difficult to overcome without outsourcing the role.