Relations between Data Controller and Data Processor

The Regulation reinforces the responsibilities of the Data Controller and requires evidence that the processing carried out complies, from the early stages, with all the provisions of the Regulation. The Data Controller is also required to keep documentation of the processing carried out under its responsibility, mandatorily indicating, for each of them, the information that ensure…

A new role for certifications?

The Regulation provides for the possibility for Data Controllers and Data Processors to use certification, i.e. services designed to provide reliable evidence of compliance in terms of data protection (definition, implementation and review of appropriate measures). Regarding the Processor, the text provides that the guarantees that the Processor must provide to be appointed as such…

Fines?

Amendment 188, Proposal for a regulation, Article 79: “c) a fine up to 100 000 000 EUR or up to 5% of the annual worldwide turnover in case of an enterprise, whichever is higher.” You have to read “100 million € or higher”. For Oracle, the company I work for, that would amount to 565 million dollars, more…

EU, first ok to Privacy Regulation

Luxembourg, 15 June 2015. Justice Ministers from all of the EU countries have agreed on the new data protection act. Heavy fines for those who do not adapt and enforcement of the right to be forgotten and over data misuse. This step allows the opening of negotiations with the Parliament, which will start from the 24th of…

About security of the processing

Amendment 124, Proposal for a regulation, Article 30 states: 1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing, taking into account the results of a data protection impact assessment (…), having regard to the state of the art and…

New EU Regulation requires a more structured approach to personal data security

The New Regulation, through art. 30 and 33, implicitly stresses the concept of “process for security management”, imposing a holistic and risk-based approach to the protection of personal data that takes into account important technological and behavioral changes that have happened in the last few years (Cloud, Big Data, Social Networks, right to oblivion, right to data…

Open Forum

Any other subject that does not fall within the topics Legal Framework, Roles and Liability, Data Protection Officer, Impact Risks and Measures, Data Breach, Privacy by Design and Sanctions can be posted in this category.

Privacy by design and privacy by default

Today personal data are the new “oil”: they are among the most interesting sources of income both for organizations and for criminal activities, so it is very important and necessary to protect them. In this context, the concept of privacy by design and privacy by default has to be considered a mandatory solution. The “privacy by…

Data breach: key contents of the new regulation

Article 31 of the EU regulation proposal on personal data protection is aimed at making the notification of data breaches to the supervisory Authority mandatory for every controller, without undue delay. Of course, processors must notify, again without undue delay, every data breach to the controller to allow him to proceed. The communications must include at least the…