Category Archives: Codes of conduct and certification

Certification and liability of the data controller

This paper aims to analyse a tool of the so-called “soft law”, that is the certification in the field of data protection. Art. 42, paragraph 2 of EU Regulation 2016/679 defines certification as voluntary. However, it is, more appropriately, a regulated certification, since it is based on rules issued by official institutions: particularly, certification criteria… Read More »

What are standardization action to comply with art. 42 of EU Regulation 679/16?

Article 42 of EU Regulation 679/16 on Data Protection states: ” The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations… Read More »

Monitoring of approved codes of conduct

Let us assume for a moment that we have a perfect code of conduct, the best that you could ever write, already approved, recorded and released by the supervisory authority, and so – at this point – you should only “hope” that itwill be adopted by users for which it was drawn. Here, we imagine… Read More »

GDPR in practice

Everybody is talking about GDPR in every session at Security Summit this year, whatever the topic, but in practice what companies are doing to get prepared? Alessandro Vallega started from here to introduce the conference dedicated by Europrivacy to the new European Regulation, on the second day of the Summit organized by Clusit in Milan.… Read More »

A “sustainable and effective” Privacy for SMEs

Among the speeches at the GDPR conference held at Politecnico University in Milan on 17/1 (see HERE for full report), particularly enlightening i found the one by Sergio Fumagalli (Coordinator of Europrivacy), dedicated to the impact of GDPR on SMEs. The reasoning was prompted by the need to contextualize the application of regulations to the… Read More »


Following the complex mapping of Controller’s certification provided for by GDPR, we proceed investigating the certification of persons. From a normative point of view this topic proves very simple: THE CERTIFICATION OF PERSONS IS NOT PROVIDED or more precisely: IS NOT REQUIRED. Hence GDPR does not provide for nor require certified professional roles, not even… Read More »

GDPR guest star at Politecnico University

Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) has anticipated some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »