The secret to GDPR success – getting your DPO right

The highly varied infringements that have prompted fines over the past year, demonstrate the significant scope of the General Data Protection Regulation. Kate Marshall, Daniel Seiler and Nikola Werry discuss a key aspect of an effective privacy governance framework.

Kate Marshallis a partner with KPMG Law in Australia, Daniel Seiler is head of legal transformation and technology law with KPMG in Switzerland, while Nikola A F Werry LLM (UK) is manager, compliance, governance and organisation, with KPMG Law Rechtsanwaltsgesellschaft mbH in Germany.

With the first anniversary of GDPR in May this year, many businesses have been looking back on the past year with a mixture of relief coupled with some ongoing anxiety that the worst is yet to come. So far, with the exception of a high-profile fine by the French data regulator CNIL handed to a global technology company, the volume of fines has been relatively low – as have the relative penalties. But the scale of the fine handed out to by CNIL could set a precedent, especially for large multinationals.