Data Protection Officer

The request was successful.

Dear Comhairle nan Eilean Siar,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

CNES FOI Team, Comhairle nan Eilean Siar

Dear Caroline Smith

I write to acknowledge receipt of your request for information and note
the terms of your request as detailed below.  We've automatically assigned
this request an reference of 2020081927000621.  Please use this reference
number in all correspondence with us (Tip: replying to this email, so that
the ticket ref is included in email subject is the easiest way to
correspond with us on this case)

Your request for information will be processed in accordance with the
Freedom of Information (Scotland) Act 2002 ( the Act ) / Environmental
Information (Scotland) Regulations 2004 ( the EIRs ) and guidance issued
by the Office of the Scottish Information Commissioner.  A response to
your request for information will be issued promptly and in any event
within 20 working days following receipt of the request.

--
Le durachd,
Freedom of Information Team
Comhairle nan Eilean Siar | Sandwick Road | Stornoway | Isle of Lewis |
HS1 2BQ
Web: [1]www.cne-siar.gov.uk
Tel: 01851 822721 (Extension 211 599)

References

Visible links
1. http://www.cne-siar.gov.uk
http://www.cne-siar.gov.uk/

CNES FOI Team, Comhairle nan Eilean Siar

Dear Ms Smith,

Re: help desk request (ticket ref [1]2020081927000621)

Thank you for your recent request submitted under the Freedom of
Information (Scotland) Act 2002. Please see the information requested
below. 

1 a. What position in the Council is designated as Senior Information Risk
Owner (SIRO)? Mr Malcolm Burr, the Chief Executive
b. The name of your Data Protection Officer (DPO)? Mr Tim Langley
c. Job title of the DPO, if not just DPO? Legal and Procurement Manager
d. If the DPO also has other duties, approximately how much of their time
is spent on DPO work?  Estimated at 25%
e. If the DPO has other responsibilities, has a risk assessment been
carried out to ensure that any potential conflicts of interest as
identified in the GDPR and the guidance from the European Data Protection
Board are managed? If so, has this been reviewed in light of the recent
decision of the Belgium Data Protection Authority (28 April 2020):
[2]https://edpo.com/news/dpo-and-conflict-o... No
f. The line manager of the DPO – i.e. the post that the post holder
reports to. Is it the SIRO? No, but in matters of data protection
governance, the DPO liaises directly with the SIRO.
g. Who the DPO reports to in their role as DPO if that differs from the
line manager? Is it the SIRO? Yes
h. At what spinal point is the DPO paid? The designated Data Protection
Officer has three points within the grade at SPC 93, 96 and 99.
i. Key relevant qualifications that the DPO and SIRO hold or relevant
training completed. The DPO is the Comhairle’s principal solicitor.

2. And could you provide the relevant extract of the Council’s
Organisational Chart that shows the DPO, the DPO’s line manager, the post
holder that the DPO reports to, the SIRO and Chief Executive?

 

If you are dissatisfied with this response you can request the Comhairle
to review this response to your request for information. You have 40
working days from the date of receipt of this response in which to lodge
this request for review. A request for review must be processed in
accordance with Part 1 of the Freedom of Information (Scotland) Act 2002,
must be in writing, describe your original request and explain why you are
dissatisfied. An application for review should be sent to Legal Services
Manager, Comhairle nan Eilean Siar, Council Offices, Sandwick Road,
Stornoway, Isle of Lewis HS1 2BW ([3][email address]). A
request for review lodged with the Legal Services Manager must be
processed promptly and in any event within 20 working days of receipt.

Should you remain dissatisfied after completion of the review process you
may, within 6 months, apply to the Scottish Information Commissioner,
Kinburn Castle, Doubledykes Road, St Andrews, Fife, KY16 9DS, to establish
whether your request for information has been processed in accordance with
Part 1 of the Freedom of Information (Scotland) Act 2002. You may also
request an appeal through the Commissioner\'s online appeal service which
is available 24/7 and offers requesters real time help and advice about
their appeal - [4]www.itspublicknowledge.info/Appeal Should you remain
dissatisfied after the conclusion of an application to the Scottish
Information Commissioner you have the right to appeal to the Court of
Session on a point of law.

 

--
Kind regards
FOI Team
Comhairle nan Eilean Siar | Sandwick Road | Stornoway | Isle of Lewis |
HS1 2BW
Email: [Comhairle nan Eilean Siar request email]
Web: [5]https://www..cne-siar.gov.uk
Tel: 01851 600 501 (Extension 211598)

19/08/2020 18:05 - Caroline Smith wrote:
WARNING: THIS EMAIL CAME FROM OUTSIDE THE COMHAIRLE; PLEASE TREAT
HYPERLINKS OR
ATTACHMENTS WITH CAUTION. CONTACT THE IT HELPDESK IF IN ANY DOUBT.

Dear Comhairle nan Eilean Siar,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk
Owner
(SIRO)?

b. The name of your Data Protection Officer (DPO)?

c. Job title of the DPO, if not just DPO?

d. If the DPO also has other duties, approximately how much of their time
is spent
on DPO work?

e. If the DPO has other responsibilities, has a risk assessment been
carried out
to ensure that any potential conflicts of interest as identified in the
GDPR and
the guidance from the European Data Protection Board are managed? If so,
has this
been reviewed in light of the recent decision of the Belgium Data
Protection
Authority (28 April 2020): [6]https://edpo.com/news/dpo-and-conflict-o...

f. The line manager of the DPO – i.e. the post that the post holder
reports to. Is
it the SIRO?

g. Who the DPO reports to in their role as DPO if that differs from the
line
manager? Is it the SIRO?

h. At what spinal point is the DPO paid?

i. Key relevant qualifications that the DPO and SIRO hold or relevant
training
completed.

2. And could you provide the relevant extract of the Council’s
Organisational
Chart that shows the DPO, the DPO’s line manager, the post holder that the
DPO
reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[FOI #686011 email]

Is [Comhairle nan Eilean Siar request email] the wrong address for Freedom of Information
requests to
Comhairle nan Eilean Siar? If so, please contact us using this form:

[7]https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on
the
internet. Our privacy and copyright policies:

[8]https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the
latest
advice from the ICO:

[9]https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will
be
delayed.

If you find this service useful as an FOI officer, please ask your web
manager to
link to us from your organisation's FOI page.

-------------------------------------------------------------------
 

References

Visible links
1. https://helpdesk.cne-siar.gov.uk/otrs/cu...
2. https://edpo.com/news/dpo-and-conflict-o..
https://edpo.com/news/dpo-and-conflict-o..
3. file:///tmp/\
4. file:///tmp/\
5. https://www..cne-siar.gov.uk
https://www..cne-siar.gov.uk/
6. https://edpo.com/news/dpo-and-conflict-o..
https://edpo.com/news/dpo-and-conflict-o..
7. https://www.whatdotheyknow.com/change_re...
https://www.whatdotheyknow.com/change_re...
8. https://www.whatdotheyknow.com/help/offi...
https://www.whatdotheyknow.com/help/offi...
9. https://www.whatdotheyknow.com/help/ico-...
https://www.whatdotheyknow.com/help/ico-...