Category Archives: Legal framework

The principle of accountability as anticipated by the Article 29 Data Protection Working Party

Regulation no. 679/2016 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly developed on processes,…

BODY IN CHARGE OF VIGILANCE AND CONTROL AND PRIVACY ROLES: GENERAL EVALUATION AND FIRST CONSIDERATIONS ON DPO’S PROCESSINGS.

Giancarlo Butti has proposed the interesting topic of identifying the role assigned to bodies in charge of vigilance and control in personal data processing; these bodies are by their nature independent of the entity they supervise, even when they are part of it. Among them, Butti has chosen as an example the Organismo di…

Controller Organisms and Privacy Roles

The DPO’s position, as is known, has among its tasks (art. 39-1b): to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in…

Phishing: news from the “Italian Data Protection Authority” in a schedule

In mid-December the Italian Data Protection Authority (hereafter IDPA), as part of its information items aimed at raising privacy awareness, issued a new schedule about phishing. Phishing is a form of scam carried out on the Internet through deception of users, and is an unlawful technique used to steal confidential information…

DPO’s guidelines have been published

The Article 29 Data Protection Working Party published the Guidelines on Data Protection Officers (“DPO”). These are the first of four guidelines provided for by GDPR. The full document is available at this address: http://ec.europa.eu/information_society/newsroom/image/document/2016-51/wp243_en_40855.pdf. The document concerns cases where a DPO is compulsory, the position of the DPO and its purposes.

The Role of System Administrators

We are obviously not talking about technical roles endowed with administrative privileges, but rather about roles established by the Decision of the Italian DPA: Measures and precautions prescribed to data controllers of electronic processes concerning functions of the system administrator – November 27 2008, subsequently modified by the decision of June 25th 2009. Such Decision, as is…

SANCTIONS IN GDPR

In analyses of the system of sanctions in GDPR, the focus is usually set on the significant figures provided for by article 83, which can reach Controllers and Processors with administrative fines of up to 20 million euro or up to 4% of global annual turnover. Article 83 General conditions for imposing administrative fines … 4. Infringements…