Clinical trials data are the ones more frequently processed by pharma and medical device companies: trial centers are also involved in this data processing. Under the data protection legislation, pharma and medical device companies are controllers and trial centres are processor, most of the time. But these roles are not always clear. In the WP… Read More »
Adapting to GDPR can be a rather complex task: is a substantial Regulation composed of 99 articles and 173 recitals. I thought useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance. As with all summaries, of course,… Read More »
The GDPR was born one year ago (on the 27th April, published on GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply to (the deadline is established on 25th May 2018). Some data protection authority of each EU Member State have published… Read More »
Giancarlo Butti has proposed the interesting topic concerning individuation of the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent to the entity they supervise, even when being part of it. Among them, Butti has chosen as example the Organismo di… Read More »
Turning to the provisions of the GDPR at issue, it is necessary to underline that art. 9, para. 2, letter e) constitutes an exception to the general principle that sets forth in an absolute prohibition on the processing of personal data belonging to the specific categories indicated paragraph 1: in summary, the provision states that… Read More »
GDPR art. 9, entitled “Processing of special categories of personal data”, after having setting forth the general rule, specifically that “1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a… Read More »
Comments seem to appreciate the GDPR: consulting companies think of the huge amount of services that top enterprises will require; tech vendors follow. Here is the point: large banks, top insurances, international B2C operators, Telcos, large internet players, these are the ones that are expected to comply. Or to have to comply. But this is… Read More »
As is well known the GDPR provides no clear guidance on how to demonstrate its own conformity and this poses a number of non banal challenges to entities that process personal data. Between various possible tools that could be considered (while awaiting more detailed guidelines) there is the use of a series of measurable parameters… Read More »
On May 24, 2016, the European Data Protection Supervisor (“EDPS”) presented its 2015 Annual Report. It provides an overview of the EDPS’ activities developed in 2015 and highlights key priorities for 2016. Of course, the EDPS focused on ensuring the adoption of a new and effective data protection framework. Moreover, a considerable attention is devoted to the high… Read More »
The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More »