Re: GDPR - DPO Role

["Penn, Blake C" <blake.penn () SECURITY GATECH EDU>]

A more fundamental question to ask is do you really need a DPO?  For a lot of institutions outside of the EU the answer 
may be no.

Regards,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480


From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pardonek, Jim
Sent: Friday, April 27, 2018 09:25
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] GDPR - DPO Role

A quick question, how is your institution handling the role of the Data Protection Officer?  We do not feel that we are 
large enough to have a separate DPO but we aren't sure where or in what area the responsibilities for the role would 
land.  Our thoughts are either in the Information Security Office, General Counsel, or possibly a Sr. VP that reports 
directly to the President.  Our internal auditor's feel that General Counsel would be the right place but they are 
reticent to take on the task.

Any suggestions as to what you are doing would be great.

Jim

James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

*: (773) 508-6086

Loyola University Chicago will never ask your for your username or password.
For the lastest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/