Planning for new General DP Regulation

By | Friday July 31st, 2015

As the GDPR progresses along its path, a program to comply with the new discipline has to be planned.

Such a program will surely be complex, given the impact that the new regulation is going to have on organization, processes and technologies.

To begin with, there are two basic questions that need answers:

  • What is the allowed time scale, i.e. when will the GDPR be fully effective?
  • What exactly will change in the daily practice?

As I am not a lawyer, the first question is not a straightforward one to me.

An EU regulation, as such, does not necessarily have to be ratified by national authorities to become effective; after its publication in the Official Journal of the European Union, however, a two-year transitional period will start, and only at its completion will the regulation be directly applicable.

So the question becomes: what will happen with national DP laws?

In Italy, for one, dlgs 196/03 includes not only provisions that are superseded by the new GDPR, but also rules enforcing different EU legislation, which are therefore not affected. Also, many other bills refer to and make assumptions about the privacy code.

Moreover, each member state shall lay down rules for sanctions and may modify some aspects of the GDPR, not to mention the need for standards and guidelines.

So, while the transitional period is being used to complete the legal framework, businesses shall design processes:

  1. To assess, mitigate and document privacy risk;
  2. To review and integrate existing controls;
  3. To detect and communicate data breaches.

About Francesco Severi

I have been working as a security practitioner for the last 15 years, involved in security projects in areas as different as IAM, SIEM, Data Masking, Auditing and BCP. I have achieved a number of professional certifications including CISSP, CISA, CISM, LA 27001, LA2000. As a professional having his primary focus on security and resiliency, I understood that compliance plays a relevant role in defining the needs of companies, and that being able to translate laws, standards and regulations into technologies and processes was crucial to providing value to customers. Privacy regulations and the Digital Agenda for Europe are therefore among my main areas of interest.

One thought on “Planning for new General DP Regulation”

  1. Alessandro Vallega

    I agree. I add that I see a trend where most modern compliances (in different areas) are inspired by international best practices regarding security. These new compliances mention segregation of duties, risk analysis, the need-to-know principle and so on. So performing the tasks you suggest will be beneficial in the long term for other compliances and for security in general.
