Author Archives: Alessandro Vallega

About Alessandro Vallega

He is Security Business Development Director for Oracle EMEA. He is responsible for leading a cross-functional team on the GDPR (General Data Protection Regulation, EU 679/2016) at EMEA level (marketing, legal, sales, training, technology). He founded and coordinates an external blog on the same topic (https://blog.europrivacy.org). He has defined a European methodology to evaluate the degree of database security of a data center and the advantages of identity and access management technology. In 2007 he founded the Oracle Community for Security, and in that context led the creation of several publications about security and privacy in the cloud, with mobile, in social media, in healthcare, on return on security investments, about the role of the CISO, and on how to prevent fraud. He is an author of the Italian annual ICT Security Report by CLUSIT and is a member of the CLUSIT board of directors.

GDPR guidance… simple informative text

I have found at this link a guidance to GDPR. It is written in Italian because it has been provided by the Italian DPA. It is high level, non-technical, simple and informative. It uses a lot of graphics and addresses the general public. I think it is necessary to communicate to EU citizens the value of this new…

Change in the group of coordinators

As part of the normal life of this blog we are announcing here a change in the coordinators. Guglielmo has asked to leave the coordinators group because of an increased workload due to external factors, but of course he will continue as one of the contributors. We thank Guglielmo who helped us kick off this initiative…

Friends call it GDPR

Next week, within Security Summit, the most important Security Conference in Italy, some of the contributors of this web site will present and discuss Data Breach, Data Protection by Design and Roles and Responsibilities: "Per gli amici si chiama GDPR", March 16th, at 11.30 AM. Also, the next day, AUSED, with other contributors and guests, will discuss GDPR…

Data breach notification… in Canada

This article from Financial Post explains the Digital Privacy Act that became law on June 18 in Canada. It relates to Canada, not Europe; however, it showcases a common trend in several countries: data breaches shall be notified. The mandatory notification provisions require organizations to notify the Privacy Commissioner as well as potentially affected individuals of a…

Fines?

Amendment 188, Proposal for a regulation, Article 79 “c) a fine up to 100 000 000 EUR or up to 5% of the annual worldwide turnover in case of an enterprise, whichever is higher.” You have to read “100 million € or higher”. For Oracle, the company I work for, that would amount to 565 million dollars, more…

About security of the processing

The Amendment 124, Proposal for a regulation, Article 30 states: 1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing, taking into account the results of a data protection impact assessment (…), having regard to the state of the art and…

Data Protection Officer

The Controller is required to appoint a Data Protection Officer (DPO), based on the candidate’s professional skills, on his deep knowledge of data protection law and practices, and according to the type of operations carried out and the protection required for processed personal data. The DPO is a key role in the pyramid of data protection actors. This…

Sanctions

As prescribed by art. 78, the Regulation requires every Member State to lay down rules on penalties applicable to infringements of the Regulation. By contrast, pursuant to the following art. 79, supervisory authorities shall impose administrative fines, depending on the specific unlawful action committed: from 250,000 EUR or 0.5% of the annual worldwide turnover of an enterprise,…

Privacy by Design

The Regulation introduces the concept of “privacy by design”. Pursuant to art. 23 of the Regulation, the Controller shall implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. This principle is…