Educause Security Discussion mailing list archives
Re: GDPR - DPO Role
From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Fri, 27 Apr 2018 13:32:57 +0000
A more fundamental question to ask is do you really need a DPO? For a lot of institutions outside of the EU the answer may be no. Regards, Blake Penn Information Security Policy and Compliance Manager Cyber Security Georgia Institute of Technology (404) 385-5480 From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim Sent: Friday, April 27, 2018 09:25 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] GDPR - DPO Role A quick question, how is your institution handling the role of the Data Protection Officer? We do not feel that we are large enough to have a separate DPO but we aren't sure where or in what area the responsibilities for the role would land. Our thoughts are either in the Information Security Office, General Counsel, or possibly a Sr. VP that reports directly to the President. Our internal auditor's feel that General Counsel would be the right place but they are reticent to take on the task. Any suggestions as to what you are doing would be great. Jim James Pardonek, MS, CISSP, CEH, GSNA Information Security Officer Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL 60660 *: (773) 508-6086 Loyola University Chicago will never ask your for your username or password. For the lastest information security news at Loyola, please follow us online, Twitter: @LUCUISO Facebook: https://www.facebook.com/lucuiso/ Our Blog http://blogs.luc.edu/uiso/
Current thread:
- GDPR - DPO Role Pardonek, Jim (Apr 27)
- Re: GDPR - DPO Role Penn, Blake C (Apr 27)
- Re: GDPR - DPO Role Gregg, Christopher S. (Apr 27)