One of the faults of the current legislation, that has been maintained in GDPR, is the use of the same term for both the internal data processors in an organization (usually managers or officials) or external ones (generally outsourcers companies or service providers). Leaving out the current consequences of these definitions we take into account… Read More: THE INTERNAL DATA PROCESSOR AND THE GDPR »
When the Brexit referendum will be put in concrete actions, Great Britain will be subjected to the Chapter V of the Regulation, which defines the rules for data transfer outside UE. According to point 1 of Article 45 “A transfer of personal data to a third country or an international organisation may take place where… Read More: GRDP and Brexit »
One of the possible future consequences of the entry into force of the GDPR will be the likely disappearance of minimum measures, a well-defined list of security measures that surely had the merit of spreading the knowledge of basic security concepts. The concept of minimum measures was properly introduced to avoid that with a simple… Read More: A change of culture »
On May 24, 2016, the European Data Protection Supervisor (“EDPS”) presented its 2015 Annual Report. It provides an overview of the EDPS’ activities developed in 2015 and highlights key priorities for 2016. Of course, the EDPS focused on ensuring the adoption of a new and effective data protection framework. Moreover, a considerable attention is devoted to the high… Read More: European Data Protection Supervisor Publishes 2015 Annual Report »
Opening the meeting today at the Cloud Security Summit, the President of CSA Italy, Alberto Manfredi wanted to give out two “take aways”: # 1 Privacy was an obstacle to enterprise data porting into the cloud; we can say that now it is no longer so, because we have the technical and legal instruments for… Read More: Privacy and Security at the days of the Cloud »
We can go on discussing about the role and collocation of the Data Protection Officer within the company, considering the new European Privacy Regulation. And we will. But when Luca Bolognini takes a stand, then the chatter end. Tuesday, 10/05 in Turin for the conference “The European Regulation Policy inside the Company” organized by Sistemi… Read More: More on the DPO role (and what about the DPD?) »
The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More: DPO: better a service or an employee? »
A substantial difference between the GDPR and the current 196/03 legislation regards the obligations for the Data Controller and Data Processor to guarantee continuous access to data. The current privacy legislation takes care of the issue mainly in Appendix B, where the minimum measure number 23 reads (cites): 23. Appropriate measures are taken to ensure… Read More: DISASTER RECOVERY IS BECOMING AN OBLIGATION FOR ALL? »
Wednesday May 4th, 2016 General Data Protection Regulation has been PUBLISHED in the Official Journal of the European Union “May the 4th” be with you! Following are the steps which led to the GDPR approval (see also: Overview of roadmap for General Data Protection Regulation). Step 1 – Proposal (European Commission) On January 25… Read More: GDPR has been published in the Official Journal of the… »
Architecture of GDPR as an answer to the modern need for a sustainable development of technological dynamics. Twenty years ago, the first Personal Data Protection Law entered into force in Italy. Since then, both the complexity of the regulations and the public awareness have been growing wide, same pace with the thriving technological progress. Nowadays… Read More: WHY GDPR? »