Category Archives: Legal framework

Cyber Crime and Compliance at Milan Politecnico

The headlines go to Cyber Crime attacks, but ultimately compliance remains the main driver of IT security spending, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More: Cyber Crime and Compliance at Milan Politecnico »

DPO and organizational models in the company

By 25 May 2018, the controller and the processor, as required by Article 37 of the GDPR – General Data Protection Regulation, shall designate a data protection officer in three specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the… Read More: DPO and organizational models in the company »

Data Portability impact on healthcare facilities

The new right to data portability (art. 20 GDPR) shall also apply to health data. This interpretation is clearly illustrated in the recent Guidelines on the right to data portability, issued by the WP 29 on 13 December 2016. At point III, the Guidelines state three necessary conditions for the right to apply: personal data concerning… Read More: Data Portability impact on healthcare facilities »

Accountability in the General Data Protection Regulation

The text of the new Regulation on Personal Data Protection contains explicit references to the concept of “accountability”, a concept not expressly contained in Directive 95/46/EC, but partially anticipated by the Art. 29 Data Protection Working Party in Opinion no. 3/2010. Primarily, art. 5 of the GDPR identifies the Data Controller as the person responsible… Read More: Accountability in the General Data Protection Regulation »

When the “right to be forgotten” is an opportunity

A few days ago an extremely interesting conference was held at the Polytechnic of Milan, in the Aula Magna Carassa – Dadda at the Bovisa campus, attended by nearly 450 people. During the event a short debate emerged, even if incidentally, on the “right to be forgotten” and its usefulness / viability (here for… Read More: When the “right to be forgotten” is an opportunity »

GDPR guest star at Politecnico University

A packed Aula Magna and great audience interest on 17/1 for the conference dedicated to the GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) anticipated some results of the research that will be presented on 2/2, which show the breadth and diversity of threats,… Read More: GDPR guest star at Politecnico University »

Direct marketing

Today some States offer an opt-out option for the use of public data for direct marketing purposes. In some cases, data subjects must declare that they do not wish to be called on telephone numbers listed in public directories. The new European privacy regulation (GDPR) does not allow this procedure. Explicit consent need… Read More: Direct marketing »

THE PROPOSAL FOR A REGULATION ON PRIVACY AND ELECTRONIC COMMUNICATIONS IS READY

On 10 January last the European Commission presented a proposal for a Regulation (hereafter, the “Regulation”) concerning the processing of personal data and the protection of private life in electronic communications, aimed at repealing Directive 2002/58/EC (hereafter, the “ePrivacy Directive”). This proposal for a Regulation updates the legislation currently in force, providing better protection… Read More: THE PROPOSAL FOR A REGULATION ON PRIVACY AND ELECTRONIC COMMUNICATIONS… »

Costs and security

The GDPR allows the controller to take into account also the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation this is highly innovative, at least in Italy. “Taking into account the costs” is a… Read More: Costs and security »