Category Archives: Impact, Risk and Measures

The Health Technology Assessment (HTA) approach

Giving citizens reliable, secure and easy-to-use health data is not possible without an overview of all the business processes. These can be standardized and simplified if the critical issues are identified, evaluated and removed. In the conduct of information security governance, healthcare organizations can make use of the methodological approach of…

Costs and security

The GDPR allows the controller to take into account also the cost of the security measures required to comply: Article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared with the current legislation this is strongly innovative, at least in Italy. “Taking into account the costs” is a…

The principle of accountability as anticipated by the article 29 Data Protection Working Party

Regulation no. 679/2016 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly developed on processes,…

BODY IN CHARGE OF VIGILANCE AND CONTROL AND PRIVACY ROLES: GENERAL EVALUATION AND FIRST CONSIDERATIONS ON DPO’S PROCESSINGS.

Giancarlo Butti has proposed the interesting topic of identifying the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent of the entity they supervise, even when they are part of it. Among them, Butti has chosen as an example the Organismo di…

Privacy risks related to technological and organizational obsolescence in healthcare

Personal health data are the set of information useful for revealing the state of health of a person and consist of personal medical history, results of instrumental and laboratory tests, diagnostic images, medical reports and other sensitive information. The nature of this data is to be at the center of the activities of health…

Fines are higher for individual rights violations rather than poor data protection

Art. 24 (Sanctions) of Directive 95/46, which reads “The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.”, did not give any specific criteria to…

MEASURE THE CONFORMITY

As is well known, the GDPR provides no clear guidance on how to demonstrate conformity with it, and this poses a number of non-trivial challenges to entities that process personal data. Among the various possible tools that could be considered (while awaiting more detailed guidelines) there is the use of a series of measurable parameters…

DATA PROTECTION BY DESIGN AND BY DEFAULT: EVOLUTION AND IMPLICATIONS

In recent years there has been an increase in the variety and amount of data available, a development of channels for accessing data, and a globalization of business. This situation has created complexity in data governance and compliance, as well as a growth in potential threats to the confidentiality, integrity and availability of information. In this context the need…