Author Archives: Enrico Toso

About Enrico Toso

IT Regulatory, Risk and Control Specialist. As an information security and risk expert, I have been heading analysis and management projects aiming to achieve compliance with the recent Data Protection Authority Provision (also called “Provvedimento Garante II”) and with the Bank of Italy Provision “Disposizioni di Vigilanza” (upd. 15, enforced under Circular 263/06), mainly to assure an appropriate Data Governance level and an integration between the ICT and the Operational Risk approaches. Also an active member of interbank analysis and research groups on data protection, data leakage, risk prevention, information fraud countermeasures and ICT regulatory compliance for the financial industry.

Data Protection compared to Data Governance: are there underlying implications?

Customer data protection needs to be included under the logic inspiring the principles and measures of Data Governance. In this sense, the measures to protect customers’ personal data can only be effective if they follow the same principles that drive the measures for corporate Data Governance. A healthy setting of Data Governance rules is…

Is retrofitting enough to make current solutions compliant?

We are often tempted to reuse a significant portion of existing solutions and processes when information systems are forced to adhere to new regulatory requirements. This is usually not prohibited, and is indeed advisable in many cases; nevertheless, in the case of the new GDPR any simple and hasty approach would seem unsuitable and misleading. This especially…

What can make Privacy-by-Design possible

We have the chance every day to experience the meaning of Privacy by Design or, more generally, of Compliance by Design. Corporate operational processes are unquestionably fully automated through information technology solutions, and much has been done to enhance the quality of designing and developing applications and infrastructural solutions. Also, beyond the usual development roles, it is…

Same Old Stories?

Do you remember the old-fashioned DPS (Documento Programmatico per la Sicurezza)? When it was removed from the minimum required measures, the Italian Regulator didn’t mean that companies could abandon the analysis of the different kinds of data processing, the definition of the inherent risks and the measures to mitigate them. Actually, companies merely aiming to formally satisfy requirements…

Is the DPO’s recent downgrade a real understatement?

Is the downgrade of the DPO role requirement, resulting from the recent EP position and the Council General Approach (15/06/2015), a real understatement, or a need for an intermediate, shorter but common step ahead for all Member States? The Data Protection matter seems affected by annoyance and embarrassment, both on the side of single individuals, who should feel themselves…