Category Archives: Impact, Risk and Measures

The French Data Protection Authority publishes its PIA manual

New guides for carrying out PIAs (Privacy Impact Assessments) have been published by the CNIL. The method will help data controllers to implement Privacy by design. A PIA (Privacy Impact Assessment) relies on two pillars: – The fundamental principles and rights, “non-negotiable”, fixed by law and that have to be complied with. They may -not…

About security of the processing

Amendment 124, Proposal for a regulation, Article 30 states: 1. The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing, taking into account the results of a data protection impact assessment (…), having regard to the state of the art and…

New EU Regulation requires a more structured approach to personal data security

The New Regulation, through Articles 30 and 33, implicitly stresses the concept of a “process for security management”, imposing a holistic and risk-based approach to the protection of personal data that takes into account important technological and behavioral changes that have happened in the last few years (Cloud, Big Data, Social Networks, right to oblivion, right to data…

Impact, Risk and Measures

The Regulation states that the Privacy Impact Assessment is the first step of a company’s security strategy, which consequently enhances the analysis of risks related to personal data processing and of the security measures adopted to protect information. More than setting specific security measures, the Regulation requires the Controller to implement organizational and technical processes to identify, reduce and mitigate risks…