BODY IN CHARGE OF VIGILANCE AND CONTROL AND PRIVACY ROLES: GENERAL EVALUATION AND FIRST CONSIDERATIONS ON DPO’S PROCESSINGS.

Giancarlo Butti has proposed the interesting topic of identifying the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent of the entity they supervise, even when they are part of it. Among them, Butti has chosen as an example the Organismo di… Read More »

Controller Organisms and Privacy Roles

DPO’s position, as is known, has among its tasks (art. 39-1b): to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in… Read More »

Phishing: news from “Italian Data Protection Authority” in a schedule

In mid-December the Italian Data Protection Authority (hereafter IDPA), as part of its information items aimed at raising privacy awareness, published a new schedule about phishing. Phishing is a form of scam carried out on the Internet through deception of users, and is an unlawful technique used to steal confidential information… Read More »

Privacy risks related to technological and organizational obsolescence in healthcare

Personal health data are the set of information that can reveal the state of health of a person, and consist of personal medical history, results of instrumental and laboratory tests, diagnostic images, medical reports and other sensitive information. The nature of this data is to be at the center of the activities of health… Read More »

Portability: WP29 guidelines

GDPR Article 20 introduces a new right to “data portability” to enable data owners to easily move or copy their personal data to another environment. The Opinion of the WP29 clarifies the conditions of application and provides concrete examples to explain the circumstances in which this right applies. The Opinion states that this… Read More »

DPO’s guidelines have been published

The Article 29 Data Protection Working Party published the Guidelines on Data Protection Officers (“DPO”). These are the first of four guidelines provided for by GDPR. Full document at this address: http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf. The document concerns cases where a DPO is compulsory, the position of the DPO and its purposes.

The Role of System Administrators

We are obviously not talking about technical roles endowed with administrative privileges, but rather about roles defined by the Decision of the Italian DPA: Measures and precautions prescribed to data controllers of electronic processes concerning functions of the system administrator – November 27, 2008, subsequently modified by the decision of June 25, 2009. Such Decision, as is… Read More »

German GDPR implementing rules

Germany has released the second draft of a rule implementing the GDPR, which will replace the current national privacy legislation, the Bundesdatenschutzgesetz (BDSG), sitting alongside the GDPR itself. According to the Regulation, member states may legislate on specific matters, while respecting the general principles set out in the Regulation: Germany apparently is already doing it. In… Read More »