External data processors: long-term partnership or do not take responsibility?

By | Tuesday June 19th, 2018

Finally, the GDPR highlights the situations of disorganization. We are witnessing the attempts to carry out what has not been done so far, especially from the point of view of operational concreteness.

In drafting the treatment register, emerges the problem of the assessment regarding the appointments of external data processor.

I have observed that some controllers ‘spam’ their suppliers, by filing a declaration of compliance of their products / services to GDPR, moving the responsibility towards external data processors.

In my opinion this approach is immature and husty: this is not accountability. Perhaps this is how it is still demonstrated not to attack the problem according to the risk assessment perspective, contravening the spirit of GDPR, because it starts from a solution without having previously analyzed the process risk.

How can possible a partnership and a cultural growth from these bases?

Category: Impact, Risk and Measures Roles and Liabilities Tags: , ,

About Giampaolo Franco

Giampaolo Franco, degree in Computer Science, Certified Information Security Manager (CISM). Dr. Franco has more than 10 years of experience in governance, risk management, and compliance at Azienda Provinciale per i Servizi Sanitari (APSS, the main healthcare provider of the Autonomous Province of Trento). He is involved in several activities at APSS, including business continuity and disaster recovery, risk analysis, privacy compliance, awareness, internal / external audits, incident management, optimization and quality control of IT processes. Previous work experiences include project management, analysis and programming for several financial institutions. He has also been a consultant for the University of Trento, working in a project aimed to define organizational and security aspects related to the introduction of integrated models of digital teaching in school. Dr. Franco continues to pursue research, education and awareness activities related to information security for the Public Administration with remarkable passion and leadership. He is a member of the ISACA VENICE Chapter, Oracle Community for Security and contributor of Europrivacy. In 2016 he's the winner of the European Institute of Innovation & Technology - EIT Digital pre-incubation programme with a project on Art&Technology.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.