Roles and Liability

By | Monday May 25th, 2015

In essence, the main subjects are still the Controller and Processor, together with the Data Subject but a new figure appeared between Controller and Processor, the Data Protection Officer (see the specific category), as expert counselor on data protection issues.

Pursuant to art. 77 of the Regulation, any person who has suffered damage as a result of unlawful processing operations or of actions deemed incompatible with the Regulation, shall have the right to receive compensation from the Controller or the Processor for the damage suffered. Each Controller or Processor shall be jointly and severally liable for the entire amount of the damage.

Here we discuss about the relationship between subjects, their roles and consequences of their liability.

Category: Roles and Liabilities

About Alessandro Vallega

He is Security Business Development Director for Oracle EMEA. He has the responsibility to lead a cross functional team on the GDPR (General Data Protection Regulation, EU 679/2016) at EMEA level (marketing, legal, sales, training, technology). He founded and coordinates an external blog on the same topic ( He has defined a European methodology to evaluate the database security degree of a data center and the advantages of identity and access management technology. He founded in 2007 the Oracle Community for Security, and in that context led the creation of several publications about security and privacy in the cloud, with mobile, in the social media, in healthcare, on return on security investments, about the role of the CISO, and how to prevent frauds. He is an author of the Italian annual ICT Security Report by CLUSIT and he is part of the CLUSIT board of directors.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.