(Italiano) Contitolari, Responsabili, la responsabilità solidale, il danno risarcibile e l’azione di regresso
WAITING FOR TRANSLATION
Category Archives: Roles and Liabilities
GDPR in practice
Everybody is talking about GDPR in every session at Security Summit this year, whatever the topic, but in practice what companies are doing to get prepared? Alessandro Vallega started from here to introduce the conference dedicated by Europrivacy to the new European Regulation, on the second day of the Summit organized by Clusit in Milan.… Read More »
How to engage processors
Articles 28 and 29 of the GDPR require a “by a contract or other legal act” in order to engage a processor. Such document must include: the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects; the confidentiality agreement; assurance that… Read More »
Terminology differences between D.lgs 196/2003 and GDPR Regulation (EU) 2016/679
One of the benefits introduced by GDPR is about conforming the terminology at European level. But it is verifiable a disadvantage related to the figures involved, leaving the Italian scheme of D. Lgs. 196/2003 and considering the linguistic difference. Lgs.196/2003 … Read More »
Transparent information: a right of the data subject, not bureaucracy
Article. 12 of GDPR “Transparent information, communication and modalities for the exercise of the rights of the data subject” obliges the holder to provide to the data subjects with all necessary information, in a concise, comprehensible and easily accessible, with a simple and clear language, in particular in the case of information aimed specifically at… Read More »
Mandatory appointment of Data Protection Officer: the Working Party’s position pursuant to art. 29
On 13 December 2016 the European Data Protection Supervisor (Working Party – WP29) issued three documents containing information and recommendations on important novelties on Regulation (right to data portability, D.P.O., Leading Authority), in view of its application, effective from May 25, 2018. With regard to the Data Protection Officer, the guidelines first highlight that the… Read More »
Cyber Crime and Compliance at Milan Politecnico
The headlines go to the Cyber Crime attacks, but ultimately the Compliance remains the main expense leverage in IT security, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More »
Accountability in the General Data Protection Regulation
The text of the new Regulation on Personal Data Protection contains explicit references to the concept of “accountability”, a concept not expressly contained in Directive 95/46/EC, but partially anticipated by the Art. 29 Data Protection Working Party in Opinion no. 3/2010. Primarily, art. 5 of the GDPR identifies the Data Controller as the person responsible… Read More »
GDPR guest star at Politecnico University
Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) has anticipated some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »
Costs and security
The GDPR allows the controller to take into account also the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation this fact is strongly innovative, at least in Italy. “Taking into account the costs” is a… Read More »