One of the faults of the current legislation, that has been maintained in GDPR, is the use of the same term for both the internal data processors in an organization (usually managers or officials) or external ones (generally outsourcers companies or service providers). Leaving out the current consequences of these definitions we take into account… Read More »
When the Brexit referendum will be put in concrete actions, Great Britain will be subjected to the Chapter V of the Regulation, which defines the rules for data transfer outside UE. According to point 1 of Article 45 “A transfer of personal data to a third country or an international organisation may take place where… Read More »
One of the possible future consequences of the entry into force of the GDPR will be the likely disappearance of minimum measures, a well-defined list of security measures that surely had the merit of spreading the knowledge of basic security concepts. The concept of minimum measures was properly introduced to avoid that with a simple… Read More »
On May 24, 2016, the European Data Protection Supervisor (“EDPS”) presented its 2015 Annual Report. It provides an overview of the EDPS’ activities developed in 2015 and highlights key priorities for 2016. Of course, the EDPS focused on ensuring the adoption of a new and effective data protection framework. Moreover, a considerable attention is devoted to the high… Read More »
Opening the meeting today at the Cloud Security Summit, the President of CSA Italy, Alberto Manfredi wanted to give out two “take aways”: # 1 Privacy was an obstacle to enterprise data porting into the cloud; we can say that now it is no longer so, because we have the technical and legal instruments for… Read More »
We can go on discussing about the role and collocation of the Data Protection Officer within the company, considering the new European Privacy Regulation. And we will. But when Luca Bolognini takes a stand, then the chatter end. Tuesday, 10/05 in Turin for the conference “The European Regulation Policy inside the Company” organized by Sistemi… Read More »
The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More »
A substantial difference between the GDPR and the current 196/03 legislation regards the obligations for the Data Controller and Data Processor to guarantee continuous access to data. The current privacy legislation takes care of the issue mainly in Appendix B, where the minimum measure number 23 reads (cites): 23. Appropriate measures are taken to ensure… Read More »
Wednesday May 4th, 2016 General Data Protection Regulation has been PUBLISHED in the Official Journal of the European Union “May the 4th” be with you! Following are the steps which led to the GDPR approval (see also: Overview of roadmap for General Data Protection Regulation). Step 1 – Proposal (European Commission) On January 25… Read More »
Architecture of GDPR as an answer to the modern need for a sustainable development of technological dynamics. Twenty years ago, the first Personal Data Protection Law entered into force in Italy. Since then, both the complexity of the regulations and the public awareness have been growing wide, same pace with the thriving technological progress. Nowadays… Read More »