Author Archives: Giancarlo Butti

About Giancarlo Butti

Has dealt with ICT, organization and legislation since the early 80s, covering different roles: security manager, project manager, auditor at banking groups, and consultant in security and privacy to companies of different sectors and sizes. He regularly carries out dissemination activity through articles (over 700), books (21 between books and white papers also used as university texts, 11 collective works within the ABI LAB, Oracle Community for Security and CLUSIT), technical manuals, courses, seminars, conferences… He participates in working groups at ABI LAB on Business Continuity, Risk and GDPR, ISACA-AIEA on GDPR and 263, Oracle Community for Security, UNINFO, ASSOGESTIONI and the Committee of experts for the innovation of OMAT360. He is a member of the faculty of ABI Training. He is a partner and proboviro of ISACA-AIEA and a member of CLUSIT and BCI. He is certified (LA BS7799), (LA ISO IEC 27001:2013), CRISC, ISM, DPO, CBCI, AMBCI.

Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29

Europrivacy has contributed to the public consultation concerning the DPO guidelines issued by WP29, proposing some observations and a specific question. In particular, the comments concerned the “conflict of interest”, a fundamental element whose features the guidelines exemplify for cases where the DPO role is assigned to a natural person within the company organization, although omitting…

Cybersecurity Report 2016 – Public consultation

Around a year ago, following a public consultation of more than 500 contributors, the national Cyber Security framework was published, and it has been enriched over time with new support tools (http://www.cybersecurityframework.it/contenuti-di-supporto-al-framework). A year later a new public enquiry was launched, concerning the safety checks of Cybersecurity Report 2016, in which it is possible to participate by February 3rd 2017 by visiting…

THE CERTIFICATION OF PERSONS IN GDPR

Following the complex mapping of the Controller’s certification provided for by GDPR, we proceed to investigate the certification of persons. From a normative point of view this topic proves very simple: THE CERTIFICATION OF PERSONS IS NOT PROVIDED or more precisely: IS NOT REQUIRED. Hence GDPR does not provide for nor require certified professional roles, not even…

Controller Organisms and Privacy Roles

The DPO, as is known, has among its tasks (art. 39-1b): to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in…

DPO’s guidelines have been published

The Article 29 Data Protection Working Party published the Guidelines on Data Protection Officers (“DPO”). These are the first of four guidelines provided for by GDPR. The full document is available at this address: http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf

The document concerns the cases where a DPO is compulsory, the position of the DPO and its purposes.