Is it considered a conflict of interest if the CEO of a Tech company is appointed as the DPO? | Office of the Information Commissioner, Jamaica

Submitted by admin on 12 August 2023

The Data Protection Act states that a person shall not be qualified for appointment if there is or is likely to be any conflict of interest between the person’s duties as a data protection officer and any other duties of that person. In this regard, it is expected to act independently of management in the carrying out of the functions as Data Protection Officer (DPO). It is also important to note that in resolving complaints and assessing the Information Technology system and the attendant policies the DPO is capable of acting in the best interest of the client or data subject.

The prevailing view suggests that the CEO of a Tech Company, being primarily focused on the day-to-day survival and success of their business, might not be inclined to address issues that could potentially reflect negatively on their company. Thus, there may exist a conflict of interest in taking on the role of DPO.

About OIC

Our Services

Contact the OIC