Current Directive 95/46/EC does not regulate sub-processing. A controller can choose a processor, but a processor cannot choose a sub-processor. As a result, many processors chose sub-processors and designated them as their own processors. These cases should have been discussed in the last 20 years, considering that supply chains are getting longer. The last GDPR… Read More »
“Friends call it GDPR” was the title of the conference held by Europrivacy last week within Security Summit, organized by Clusit this year as well. After the introduction of Alessandro Vallega the speaker were Jonathan Brera (KPMG), Andrea Gaglietto (Protiviti) and Andrea Reghellin (P4I). The panel that followed the presentations was also attended by Stefano… Read More »
I say it now, it’s not that I’m nostalgic of the three-tiers organization (titolare, responsabile, incaricato) typical of the Italian national privacy legislation. Everybody said that with GDPR we will go back to the European binary model, with DATA CONTROLLER (responsabile) and DATA PROCESSOR (incaricato). Both roles can be natural or legal persons and appear… Read More »
Within the EUROPRIVACY #Ready4EUDataP workshop, held on january 26 and dedicated to the practical consequences of the new EU General Data Protection Regulation, I found a special interest in the topic concerning the role of the Data Protection Officer, discussed in the speech of Biagio Lammoglia with Fabio Guasconi. Various aspects have been taken into… Read More »
Next week, within Security Summit, the most important Security Conference in Italy, some of the contributors of this web site, present and discuss about Data Breach, Data Protection by Design and Roles and Responsibilites. Per gli amici si chiama GDPR March 16th, at 11.30 AM Also, the next day, AUSED with other contributors and guests, will discuss about GDPR… Read More »
On February, 29 the European Commission issued the legal texts that will put in place the EU-U.S. Privacy Shield and a Communication summarising the actions taken over the last years to restore trust in transatlantic data flows since the 2013 surveillance revelations. The Commission has (i) finalised the reform of EU Data protection rules, which… Read More »
Last December, the Commission of the EU Parliament in charge approved the final text of the new General Data Protection Regulation (GDPR) thus closing the negotiation among EU Parliament, Commission and Council (the so called trilogue). Now only some formal approval steps are still missing to have it in force. Steps that shoul be completed… Read More »
Europrivacy.info is organizing a meeting to start talking and working on the recently approved text of the GDPR on January 29 in Milan. This is just a “save the date”: more info will follow soon.
While waiting for the official announcement from the EU Council, expected by next week, hereafter there is a link to the final version of the GDPR which was agreed upon yesterday: last version
Data Protection Officer is mandatory, again. Article 35 of the latest version of GDPR states that “The controller and processor shall designate a data protection officer in any case where: […] “. To clearly understand which controllers and processors are included in such categories, the local language versions – and perhaps some comments – are needed. Controller… Read More »