Author Archives: Andrea Reghelin

About Andrea Reghelin

Andrea Reghelin is senior compliance manager at Partners4Innovation. He holds a specialization in business organization and information technology, and is an attorney. He deals with corporate compliance, in particular with new technologies law (privacy, IT controls, IT contracts, etc..) and business crime prevention (Legislative Decree no. 231/2001, safety at work and environment), mainly providing consulting support at complex organizations. He is lecturer at several educational events, as well as author of articles and contributions, published in professional journals

The principle of accountability as anticipated by the article 29 Data Protection Working Party

Regulation no. 679/2016 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly developed on processes,… Read More »

Relations between Data Controller and Data Processor

The Regulation reinforces the responsibilities of Data Controller and requires evidence that the treatment carried out complies, from the early stages, with all the provisions of the Regulation. The Data Controller is also required to keep documentation of the treatments carried out under its responsibility, mandatorily indicating, for each of them, the information that ensure… Read More »

A new role for certifications?

The Regulation provides for the possibility for Data Controllers and Data Processors to use certification, i.e. services designed to provide reliable evidence of compliance in terms of data protection (definition, implementation and review of appropriate measures). Regarding the Processor, the text provides that the guarantees that the Processor must provide to be appointed as such… Read More »