Data Protection Officer: professional skills and requirements

Pursuant to article 35, paragraph 5, of the proposed General Data Protection Regulation (COM(2012) 11), the Data Protection Officer (DPO) must be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in the following article 37. This would mean that the level of required expert knowledge…

Data Protection Officer

In the cases set out in the Regulation, the Controller is required to appoint a Data Protection Officer (DPO), chosen on the basis of the candidate's professional skills and deep knowledge of data protection law and practices, and according to the type of operations carried out and the protection required for the personal data processed. The DPO is a key role in the pyramid of data protection actors. This…

Sanctions

The Regulation requires, as prescribed by art. 78, every Member State to lay down rules on penalties applicable to infringements of the Regulation. Separately, pursuant to the following art. 79, supervisory authorities shall impose administrative fines that depend on the specific unlawful act committed, starting from 250,000 EUR or 0.5% of the annual worldwide turnover of an enterprise,…

Privacy by Design

The Regulation introduces the concept of "privacy by design". Pursuant to art. 23 of the Regulation, the Controller shall implement appropriate technical and organisational measures and procedures in such a way that the processing meets the requirements of the Regulation and ensures the protection of the rights of the data subject. This principle is…

Data Breach

The Regulation requires the Controller to notify a personal data breach to the supervisory authority without undue delay. Whenever the personal data breach is likely to adversely affect the protection of the personal data, the privacy, the rights or the legitimate interests of the data subject, the Controller must also communicate the personal data breach to the data…

Impact, Risk and Measures

The Regulation treats the Privacy Impact Assessment as the first step of a company's security strategy, which in turn drives the analysis of the risks related to the processing of personal data and of the security measures adopted to protect the information. Rather than prescribing specific security measures, the Regulation requires the Controller to implement organisational and technical processes to identify, reduce and mitigate risks…

Roles and Liability

In essence, the main subjects are still the Controller and the Processor, together with the Data Subject, but a new figure has appeared between Controller and Processor: the Data Protection Officer (see the specific category), acting as expert counsellor on data protection issues. Pursuant to art. 77 of the Regulation, any person who has suffered damage as a result of unlawful…

Legal Framework

After a long consultation, on 25 January 2012 the Commission published the first draft of the proposal for a Regulation on the protection of individuals with regard to the processing of their personal data and on the free movement of such data (the General Data Protection Regulation). The ordinary legislative procedure is still pending. The…