Clinical trials and GDPR

Clinical trials data are the ones more frequently processed by pharma and medical device companies: trial centers are also involved in this data processing. Under the data protection legislation, pharma and medical device companies are controllers and trial centres are processor, most of the time. But these roles are not always clear. In the WP… Read More: Clinical trials and GDPR »

The authentication process in Personal Health Record service

From a privacy perspective, SPID – Italian Public Service for Digital Identity is compliance with GDPR, because is a precaution to protect personal data (Art. 32). Currently, in many online Personal Health Record services, is possible to perform the authentication by Level 2 of ISO / IEC DIS 29115 (Level of Assurance 3 (LoA3)) and… Read More: The authentication process in Personal Health Record service »

Article 29 Data Protection Working Party Guidelines on Data Protection Impact Assessment (DPIA)

Last April 4, the Article 29 Data Protection Working Party (WP 29) has adopted Guidelines on Data Protection Impact Assessment, first of all defining common criteria for all data controllers, which can support the identification of processing operations that require to carry out a data protection impact assessment. This because it is not compulsory in… Read More: Article 29 Data Protection Working Party Guidelines on Data Protection… »

A checklist to adapt to GDPR

Adapting to GDPR can be a rather complex task: is a substantial Regulation composed of 99 articles and 173 recitals. I thought useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance. As with all summaries, of course,… Read More: A checklist to adapt to GDPR »