As a DPO, it is always interesting to meet your peers and participate in data protection events all over Europe. Associations are numerous in the Member States. We present some of them here.
Let’s start with the CEDPO (Confederation of European Data Protection Organisations). It was created in 2011 by four European associations: AFCDP (French Association of Personal Data Protection Correspondents), APEP (Asociación Profesional Española de Privacidad) which represents Spain, GDD (Gesellschaft für Datenschutz und Datensicherheit) in Germany, and the Dutch association NGFG (Nederlands Genootschap van Functionarissen voor de Gegevensbescherming).
In February 2014, the Irish from ADPO (The Association of Data Protection Officers), the Austrians from ARGE DATEN and the Polish from SABI (Stowarzyszenie Inspektorów Ochrony Danych) joined CEDPO. The very last memberships took place between 2018 and 2020 with the arrival of the Italians (ASSO DPO / Associazione Data Protection Officer), the Portuguese from the AEPD (Associação de Encarregados de Proteção de Dados) and the Romanians from the ASCPD ( Asociatia Specialistilor in Confidentialitate si Protectia Datelor).
CEDPO’s missions are to promote the role of the Data Protection Officer (DPO), to provide advice on balanced and effective data protection, and to contribute to better harmonisation of data protection legislation and practices within the European Union.
EFDPO, the European federation of DPOs
Another structure to know: the EFDPO (European Federation of Data Protection Officers). It was created in Berlin in June 2019 by associations of DPOs from Austria, France, Germany, Portugal, the Czech Republic, Slovakia, Greece and Liechtenstein. Its main objectives are to represent the interests of data protection officers in Brussels. The EFDPO notably pursues the objective of seeing the establishment of a European certification standard for DPOs.
“We consider data protection officers to be key experts in companies and institutions. They guarantee the entrepreneurial capacity to act within the framework of the GDPR and, at the same time, ensure the respect of consumer rights and civil rights in terms of data protection”, declares the EFDPO on its site.
In July 2022, the EFDPO management committee appointed Pierre-Yves Lastic (Vice-President of the Union des Data Protection Officers / UDPO based in France) as Secretary General. He leads the association alongside the German Thomas Spaeing (President), the French Xavier Leclerc (Vice-President), the Austrian Judith Leschanz, the Portuguese Inês Oliveira and the Czech Vladan Rámiš.
Associations present in each country
Some associations based in the Member States are also worth a detour for the richness of their content and their events. Without being able to list them all, it is possible to name a few. In Austria, for example, the Association of Austrian Data Protection Officers has made it its mission to promote and represent the interests of data protection officers in the country.
Chaired by Judith Leschanz, this association places particular emphasis on the creation of an active network made up of DPOs within companies and administrations, and other persons concerned by data protection. It also aims to create a platform for the exchange of information and experiences. She also works on the development of instructions and technical recommendations (best practice) and training content for the private and public sector.
In Germany, the BvD (Association of Data Protection Officers Germany) is headed by Thomas Spaeing, in Berlin. It represents the interests of more than 1,800 data protection officers working in companies and public bodies, as well as consultants across the country. Founded in 1989, it is the oldest structure in this field.
In order to ensure high quality standards in data protection, the BvD has developed a code of practice for DPOs, in cooperation with supervisory authorities and industry experts. Through working groups and regional sections, workshops and regular conferences, the BvD offers a permanent exchange with the world of politics, business, researchers and supervisory authorities.
In Greece, the Hellenic Association for Data Protection and Privacy (HADPP) was created in 2017. It is the largest data protection association in the country. The HADPP is made up of privacy professionals (not necessarily DPOs) with primarily a legal or IT background. It aims to raise awareness of potential risks, recognise vulnerabilities, and help improve business response and data protection standards through multidisciplinary practice. It is directed by Spiros Tassis.
In Portugal, APDPO Portugal brings together data protection specialists and ensures dialogue and exchange of experiences within the profession. According to APDPO Portugal, these experts are in charge of reconciling two different principles in the digital societies of the 21st century: strengthening and guaranteeing data privacy as a fundamental right of individuals and promoting innovation in this area. The President of the Board of Directors of the association is Inês Oliveira.
In the Czech Republic, the association Spolek pro ochranu osobních údajů (Society for the protection of personal data) is one of the most important organisations in the country bringing together professionals involved in the processing and protection of personal data in companies, local authorities and public administration. It is also a professional DPO organisation. The association, founded in 2014, is chaired by Vladan Rámiš. It has more than 250 members.
The list of essential associations is still long. Depending on the targeted country, it is possible to find a shoe that fits your expectations. Some associations emphasise legislative lobbying, while others favor meetings between peers and the sharing of feedback. In order to identify the right interlocutors, it is essential to participate in conferences or professional meetings, in order to get an idea on the ground.