Notification to the supervisory authority

The GDPR (the European General Data Protection Regulation) does not require “notification to the supervisory authority” for special categories of processing. Such notification was required by the previous Directive 95/46/EC. In fact, notification of such processing operations is considered an obsolete tool and, as stated in recital 89, “did not in all cases contribute to improving the protection of personal… Read More »

Direct marketing

Today, in some Member States, there is an opt-out option for the use of publicly available data for direct marketing purposes. In some cases, data subjects must declare that they do not wish to be called on telephone numbers listed in public directories. The new European privacy regulation (GDPR) does not allow this procedure. Explicit consent need… Read More »

Privacy by design: which approach?

The principle of Privacy by Design introduced by the General Data Protection Regulation (GDPR) requires firms and public administrations to adopt a proactive, and not merely reactive, approach to personal data protection, making it necessary to provide operating procedures, configurations and security measures that safeguard the confidentiality, integrity and availability (RID, in the Italian acronym) of personal data “by default”, meaning in the… Read More »

The Health Technology Assessment (HTA) approach

Giving citizens reliable, secure and easy-to-use health data is not possible without an overview of all the business processes involved. These can be standardized and simplified if the critical issues are identified, evaluated and removed. In conducting information security governance, healthcare organizations can make use of the methodological approach of… Read More »

Data Protection compared to Data Governance: are there underlying implications?

Customer data protection needs to be brought within the logic that inspires the principles and measures of Data Governance. In this sense, the measures protecting customers’ personal data can only be effective if they follow the same principles that drive corporate Data Governance measures. A sound set of Data Governance rules is… Read More »

The proposal for a Regulation on privacy and electronic communications is ready

On 10 January 2017 the European Commission presented a proposal for a Regulation (hereafter, the “Regulation”) concerning the processing of personal data and the protection of private life in electronic communications, aimed at repealing Directive 2002/58/EC (hereafter, the “ePrivacy Directive”). The proposed Regulation updates the legislation currently in force, providing better protection… Read More »

Costs and security

The GDPR allows the controller to also take into account the cost of the security measures required for compliance: Article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation, this is strongly innovative, at least in Italy. “Taking into account the costs” is a… Read More »

DPO “fulfilling other tasks” and “conflict of interests” in WP29 Guideline WP243. ISACA frameworks are helpful tools to better define internal segregation of duties.

On 13 December 2016 the WP29 adopted a guideline to better define the role of the DPO under the GDPR. Point 3.5 of the WP29 DPO Guideline states that Article 38(6) allows DPOs to ‘fulfil other tasks and duties’ but requires that ‘any such tasks and duties do not result in a conflict of interests’. WP29… Read More »

The principle of accountability as anticipated by the Article 29 Data Protection Working Party

Regulation (EU) 2016/679 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the previous reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly built around processes,… Read More »