But in the U.S., the CPO role varies considerably, given to the IT or legal department, Holcomb points out. The EU-styled DPO, on the other hand, is supposed to be much like an independent watchdog, reporting to the highest level of management, who basically cannot be dismissed for the four-year appointment term at the company. Holcomb said companies will be assessing whether their CPO can become the designated DPO, or whether there needs to be a separate DPO for European business operations if they don't already have one.
The penalties for failure to comply with the anticipated regulations will be high. As currently written, the draft regulation carries the prospect of hefty fines against the business, a possible "5% of worldwide annual turnover or 100 million Euros, whichever is greater," according to a recent PwC report on the topic.
Sign up for Computerworld eNewsletters.