“The controller or the processor may, or where required by Union or Member State law shall, designate a data protection officer”. This is the opening of Article 35 of the Regulation as amended and approved by the EU Council on the 11th of June and which the Presidency submits for approval as a General Approach.… Read More »
The New Regulation, through the art. 30 and 33, implicitly stresses the concept of “process for security management”, imposing an holistic and risk-based approach to the protection of personal data that takes into account important technological and behavioral changes happened in the last few years (Cloud, Big Data, Social Networks, right to oblivion, right to data… Read More »
Today personal data are the new “oil”, they are among the most interesting source of income both for organizations and criminal activities, then, it is very important and necessary to protect them. In this context, the concept of privacy by design and privacy by default, has to be considered a mandatory solution. The “privacy by… Read More »
Article 31 of the EU regulation proposal on personal data protection is aimed at making the notification of data breaches to the supervisory Authority mandatory for every controller, without undue delay. Of course, processors must notify, again without undue delay, every data breach to the controller to allow him to proceed. The communications must include at least the… Read More »
Pursuant to article 35 c. 5 of the General Data Protection Regulation (Regulation COM(2012)11), Data Protection Officer (DPO) must have professional qualities and, in particular, expert knowledge of data protection law and practices and ability to fulfill the tasks referred into the following article 37. This would means that the level of required expert knowledge… Read More »