Author Archives: Alessandro Vallega

About Alessandro Vallega

He is Security Business Development Director for Oracle EMEA. He is responsible for leading a cross-functional team on the GDPR (General Data Protection Regulation, EU 679/2016) at EMEA level (marketing, legal, sales, training, technology). He founded and coordinates an external blog on the same topic (https://blog.europrivacy.org). He has defined a European methodology to evaluate the degree of database security of a data center and the advantages of identity and access management technology. In 2007 he founded the Oracle Community for Security, and in that context led the creation of several publications about security and privacy in the cloud, with mobile, in social media, in healthcare, on return on security investments, about the role of the CISO, and on how to prevent fraud. He is an author of the Italian annual ICT Security Report by CLUSIT and is a member of the CLUSIT board of directors.

Data Breach

The Regulation requires the Controller to notify the supervisory authority of a personal data breach without undue delay. Whenever the personal data breach is likely to adversely affect the protection of the personal data, the privacy, the rights or the legitimate interests of the data subject, the Controller must also communicate the personal data breach to the data…

Impact, Risk and Measures

The Regulation states that the Privacy Impact Assessment is the first step of a company’s security strategy, which consequently enhances the analysis of risks related to personal data processing and security measures adopted to protect information. More than setting specific security measures, the Regulation requires the Controller to implement organizational and technical processes to identify, reduce and mitigate risks…

Roles and Liability

In essence, the main subjects are still the Controller and the Processor, together with the Data Subject, but a new figure has appeared between the Controller and the Processor: the Data Protection Officer (see the specific category), who acts as an expert counselor on data protection issues. Pursuant to art. 77 of the Regulation, any person who has suffered damage as a result of unlawful…

Legal Framework

After a long consultation, on the 25th of January 2012, the Commission published the first draft of the proposal for a Regulation on the protection of individuals with regard to the processing of their personal data and on the free movement of such data (General Data Protection Regulation). The ordinary legislative procedure is still pending. The…