Give the citizen a reliable health data, secure and easy to use is not possible without an overview of all the business processes. These can be standardized and simplified if the critical issues are identified, evaluated and removed. In the conduct of information security governance, healthcare organizations can make use of the methodological approach of… Read More »
The GDPR allows the controller to take into account also the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation this fact is strongly innovative, at least in Italy. “Taking into account the costs” is a… Read More »
Regulation no. 679/2016 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly developed on processes,… Read More »
Giancarlo Butti has proposed the interesting topic concerning individuation of the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent to the entity they supervise, even when being part of it. Among them, Butti has chosen as example the Organismo di… Read More »
The personal health data are the set of information useful to reveal the state of health of a person and consist of personal medical history, results of instrumental and laboratory tests, diagnostic images, medical reports and other sensitive information. The nature of this data is to be at the center of the activities of health… Read More »
Art. 24 Sanctions of the Directive 95/46 recital “The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.” did not gave any specific criteria to… Read More »
Sorry, this entry is only available in Italiano.
As is well known the GDPR provides no clear guidance on how to demonstrate its own conformity and this poses a number of non banal challenges to entities that process personal data. Between various possible tools that could be considered (while awaiting more detailed guidelines) there is the use of a series of measurable parameters… Read More »
During last years there has been an increase on variety and amount of data available, a development of channels to access data and a business globalization. This situation has created a data governance and compliance complexity, besides a growth of potential threats to confidentiality requirements, integrity and availability of information. In this context the need… Read More »
Changing the DNA of the companies The new privacy rules force the companies to change organization, processes and mindset. They provides not only technical implementations, but organizational changes by the use of a proactive and predictive approach. Despite the degree of perception on privacy issues has increased over the years, the old organizational model has… Read More »