Many clients of mine (public and private hospital, pharma and medical device companies..) are thinking to appoint an internal ICT Manager as DPO. I guess this decision could not be in compliance with the GDPR requirements for the reasons below. The GDPR art. 37 states that: The data protection officer shall be designated on the… Read More: Who can do Data Protection Officer? »
One of the most frequent question asked to me is “where do we start to adapt, how / what should we do with GDPR ??” Question not too much specific, but emphasizing that companies need to understand what the new “GDPR” is and how to comply with it, so as not to incur in its… Read More: GDPR: where’s the starting point? »
The headlines go to the Cyber Crime attacks, but ultimately the Compliance remains the main expense leverage in IT security, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More: Cyber Crime and Compliance at Milan Politecnico »
After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,… Read More: Data Protection Officer, close to a unified certification scheme …… »
Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29, proposing some observations and a specific question. In particular, comments concerned the “conflict of interest”, fundamental element of which the guidelines exemplify the features in instances where the DPO role is appointed to a natural person within the company organization, although omitting… Read More: Europrivacy has contributed to the public consultation concerning DPO’s guidelines… »
WAITING FOR TRANSLATION
The old story of the conflict between Microsoft and a US Federal Judge concerning the access to emails stored in a server located in Ireland is still going on. The key point is the following: do the US Authorities have the right to access data stored on servers owned by a US Company regardless of… Read More: Private data protection: Microsoft, the EU and the US Supreme… »
By 25th may 2018, the controller and the processor, as required by Article 37 of the GDPR – General Data Protection Regulation, shall designate a data protection officer in three specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the… Read More: DPO and organizational models in the company »
Several developments for the professional certifications (DPOs among them) and for controller/processor certification are being built. Which one of them will win the race is still not so clear … let’s try to assess the situation (italian only): Il dpo e gli schemi di certificazione dei trattamenti from Fabio Guasconi
Among the speeches at the GDPR conference held at Politecnico University in Milan on 17/1 (see HERE for full report), particularly enlightening i found the one by Sergio Fumagalli (Coordinator of Europrivacy), dedicated to the impact of GDPR on SMEs. The reasoning was prompted by the need to contextualize the application of regulations to the… Read More: A “sustainable and effective” Privacy for SMEs »