Notification to the supervisory authority

Tuesday, January 17th, 2017

The GDPR (the European privacy regulation) does not require “notification to the supervisory authority” for special data processing operations. Such notification was required by the previous Directive 95/46/CE.

In fact, notification of special processing operations is considered an obsolete tool and, as written in introductory clause 89, “did not in all cases contribute to improving the protection of personal data”.

Now, this notification is replaced by the Data protection impact assessment (or Privacy impact assessment or PIA; in Article 35), to be carried out by controllers for the most critical processing operations. It is up to the controller, prior to the beginning of processing operations, to consult the supervisory authority if the risk is high.

In the future, EU countries can require prior consultation with the supervisory authority for specific processing operations.

Thanks to Pierfrancesco Maistrello of Vecomp for his help on this subject.


About Cesare Gallotti

More than 15 years of experience in information security and IT process management. Italian representative in ISO/IEC SC 27 WG1 international meetings for writing the ISO/IEC 27000 standard family. Activities in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors. Consultancy, training and audit for: information security, quality, compliance with legal requirements (Personal Data Protection, SOX, etc.), compliance with international standards (ISO 9001, ISO/IEC 27001, ISO/IEC 20000, ISO 22301, etc.), and process improvement.
