I have found at this link a guidance to GDPR. It is written in Italian because it has been provided by the Italian DPA. It is high level, non technical, simple and informative. Is uses a lot of graphics and address the general public. I think is necessary to communicate to EU citizens the value of this new… Read More »
As part of the normal life of this blog we are announcing here a change in the coordinators. Guglielmo has asked to leave the coordinators group because of an increased workload due to external factors, but of course he will continue as one of the contributors. We thank Guglielmo who helped us kick off this initiative… Read More »
Next week, within Security Summit, the most important Security Conference in Italy, some of the contributors of this web site, present and discuss about Data Breach, Data Protection by Design and Roles and Responsibilites. Per gli amici si chiama GDPR March 16th, at 11.30 AM Also, the next day, AUSED with other contributors and guests, will discuss about GDPR… Read More »
I was in Netherland last week at the Heliview Privacy conference and found that in the Netherlands, starting from January 1st, 2016 the data breaches must be notified to the authority and to the data subject. The non-compliance fines are set to 810.000 euro or an impressive 10% of the company turnover. Here you find more… Read More »
This article from Financial Post explains the Digital Privacy Act that became law on June 18 in Canada. It’s not related to Europe, but Canada. However it showcases a common trend in several countries. Data breach shall be notified. The mandatory notification provisions require organizations to notify the Privacy Commissioner as well as potentially affected individuals of a… Read More »
Amendment 188, Proposal for a regulation, Article 79 “c) a fine up to 100 000 000 EUR or up to 5% of the annual worldwide turnover in case of an enterprise, whichever is higher.” You have to read “100 million € or higher”. For Oracle, the company I work for, that would amount to 565 millions dollars, more… Read More »
The Amendment 124, Proposal for a regulation, Article 30 states: 1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing, taking into account the results of a data protection impact assessment (…), having regard to the state of the art and… Read More »
The Controller is required to appoint a Data Protection Officer (DPO), based on the candidate’s professional skills, on his deep knowledge of data protection law and practices, and according to the type of operations carried out and the protection required for processed personal data. DPO is a key role in the pyramid of data protection actors. This… Read More »
Regulation requires, as prescribed by art. 78, every Member State to lay down rules on penalties applicable to infringements of the Regulation. Differently, pursuant to the next art. 79, supervisory authorities shall impose administrative fines, depending on the specific unlawful action committed: from 250,000 EUR or 0.5% of the annual worldwide turnover of an enterprise,… Read More »
The Regulation introduces the concept of “privacy by design”. Pursuant to art. 23 of the Regulation, the Controller shall implement appropriate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. This principle is… Read More »