The health data are processed in a technological domain very complex, often influenced by the presence of exceptions. These exceptions to the standard management processes add cost, complexity and redundancy in the system, worsening the proper functioning of healthcare organizations. The regulatory environment also does not provide the appropriate tools to attack the critical issues… Read More »
The FabLab Group (established by WP29) drew up the summary document that will lead to issue best practices and guidelines about: the role of the DPO, Data Portability, DPIA and criteria on the Privacy Certification. As for the DPO, as you may have already had occasion to read, I am among those who support the… Read More »
The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More »
The Italian Authority for the protection of personal data has prepared an updated version of the information document about the figure of the Data Protection Officer provided by the GDPR, in the version amended following the political agreement between the European co-legislators (European Parliament and EU Council). This information document is available at the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4791784
Europrivacy.info is organizing a meeting to start talking and working on the recently approved text of the GDPR on January 29 in Milan. This is just a “save the date”: more info will follow soon.
Data Protection Officer is mandatory, again. Article 35 of the latest version of GDPR states that “The controller and processor shall designate a data protection officer in any case where: […] “. To clearly understand which controllers and processors are included in such categories, the local language versions – and perhaps some comments – are needed. Controller… Read More »
Do you remember the old fashioned DPS (Documento Programmatico per la Sicurezza)? When it was removed from the minimum required measures, the Italian Regulator didn’t mean that companies could abandon the analysis over the different kinds of data processing, the definition of the inherent risks and the measures to mitigate them. Actually, companies merely aiming to formally satisfy requirements… Read More »
In the last version of the Privacy Regulation, the DPO role is not compulsory but an option for Data Controllers. The DPO is mandatory for all organizations of the European Union (agencies). The last version of the Regulation made the certification an option. Organizations willing to be certified should appoint a manager to lead the project… Read More »
Is the DPO role requirement downgrade, out of the recent EP position and Council General Approach (15/06/2015), a real understatement or a need for an intermediate shorter but common step ahead for all Member States? The Data Protection matter seems affected by annoyance and embarrassment both on the side of single individuals, which should feel themselves… Read More »
The controller and the processor shall designate, where applicable, a Data Protection Officer (DPO) on the basis of professional qualities and, in particular, knowledge and experience on data protection law and practices, and ability to fulfil the assigned tasks . The controller (or the processor) shall ensure that the Data Protection Officer is properly and timely involved… Read More »