Tag Archives: Organization

Controller and Processor standard clauses

The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données : un guide pour accompagner les sous-traitants” and “Directrices para contratos responsable – encargado” respectively. Furthermore the English DPA (ICO) has published a draft gdpr contracts guidance. These have a positive impact… Read More »

A checklist to adapt to GDPR

Adapting to GDPR can be a rather complex task: is a substantial Regulation composed of 99 articles and 173 recitals. I thought useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance. As with all summaries, of course,… Read More »

How to prepare to comply to GDPR

The GDPR was born one year ago (on the 27th April, published on GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply to (the deadline is established on 25th May 2018). Some data protection authority of each EU Member State have published… Read More »

BODY IN CHARGE OF VIGILANCE AND CONTROL AND PRIVACY ROLES: GENERAL EVALUATION AND FIRST CONSIDERATIONS ON DPO’S PROCESSINGS.

Giancarlo Butti has proposed the interesting topic concerning individuation of the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent to the entity they supervise, even when being part of it. Among them, Butti has chosen as example the Organismo di… Read More »

Will SME comply to GDPR?

Comments seem to appreciate the GDPR: consulting companies think of the huge amount of services that top enterprises will require; tech vendors follow. Here is the point: large banks, top insurances, international B2C operators, Telcos, large internet players, these are the ones that are expected to comply. Or to have to comply. But this is… Read More »

DPO: better a service or an employee?

The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More »

Personal data protection. The EU GDPR text has been approved: and now? Conference on January 29th 16

Last December, the Commission of the EU Parliament in charge approved the final text of the new General Data Protection Regulation (GDPR) thus closing the negotiation among EU Parliament, Commission and Council (the so called trilogue). Now only some formal approval steps are still missing to have it in force. Steps that shoul be completed… Read More »

Same Old Stories?

Do you remember the old fashioned DPS (Documento Programmatico per la Sicurezza)? When it was removed from the minim​um​ required measures, the Italian Regulator didn’t mean that companies could abandon the analysis over ​the ​different kinds of data processing, the definition of the inherent risks and the measures to mitigate them. ​Actually, companies ​merely aiming to formally ​satisfy requirements… Read More »

GDPR: ten steps to compliance

Following the European Parliament’s adoption of a “General Approach” in June 2015, negotiations over the regulation’s final form are in the pipeline. The adoption represents the final stage of the negotiations between the European Commission, the European Parliament and the EU Council of Ministers, which means the regulations are on track for being put in… Read More »