Author Archives: Giancarlo Butti

About Giancarlo Butti

Deals with ICT, organization and legislation since the early 80s covering different roles: security manager, project manager, auditor at banking groups, consultant in security and privacy to companies of different sectors and sizes. Performs regular activity of dissemination through articles (over 700), books (21 between books and white papers also used as university texts, 11 collective works within the ABI LAB, Oracle Community for Security and CLUSIT), technical manuals, courses, seminars, conferences… participates in working groups to ABI LAB on Business Continuity, Risk and GDPR, ISACA-AIEA on GDPR and 263, Oracle Community for Security, UNINFO, ASSOGESTIONI and the Committee of experts for the innovation of OMAT360. He is a member of the faculty of ABI Training. He is a partner and proboviro of ISACA-AIEA Member of CLUSIT and BCI. He is certified (LA BS7799), (LA ISO IEC 27001:2013), CRISC, ISM, DPO, CBCI, AMBCI.

A risk assessment model regarding the personal data processing in electronic communications

Announcing the publication in the “La Comunicazione – Note, Recensioni e Notizie” magazine 2015 (Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione) of an article : Un modello per la valutazione dei rischi relativamente al trattamento dei dati personali nelle comunicazioni elettroniche (A risk assessment model regarding the personal data processing in electronic communications) by Alberto… Read More »

The rights of data subjects: the current situation

The new UE Regulation on privacy introduced some rights for data subjects, such as oblivion, which have caused at the same time praise and concern (either for the effort required to Holders to guarantee them or for fear that important information can be lost, for example for the assessment of the reliability of a creditor).… Read More »

Genetic data, biometric data, data concerning health…

The General Data Protection Regulation (the text of June 2015) follows the contents already present in the Dlgs 196/03 regarding sensitive data and data concerning health and does it in: article 4 – Definitions (12) ‘data concerning health’ means data related to the physical or mental health of an individual, which reveals information about his… Read More »

THE SCOPE OF MATERIAL APPLICATION: THE LIMITS

The General Data Protection Regulation (the text of June 2015) defines the scope of material application as provided by the law in force, in observation of section 3: This Regulation applies to the processing of personal data, entirely or partly automated and to the processing of personal data not automated contented in a record or… Read More »

Towards a Data Protection Governance Framework

The evolution in legislation is linked to: An increased awareness and maturity (the directive is 20 years old) The need for greater rules flexibility, being able to adapt them to the cultural and technological context and evolution The need to consider the size and type of organizations and the personal data processing related risk The new… Read More »

Data Controller, Data Processor, Joint Controller

The new EU Regulation provides for the existence of different roles involved in the processing of personal data : • Data Controller • Controller ‘s representative • Data Processor • Joint Controller reflecting , in principle , similar figures in the current legislation . As already noted in the post of Andrea Reghelin one of… Read More »