Tag Archives: privacy impact assessment

GDPR guest star at Politecnico University

Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) gave a preview of some results of the research that will be presented on 2/2, which shows the breadth and diversity of threats,…

Notification to the supervisory authority

GDPR (the European Privacy Regulation) does not require “notification to the supervisory authority” for special data processings. Such notification was required by the previous Directive 95/46/CE. In fact, notification of special processings is considered an obsolete tool and, as written in introductory clause 89, “did not in all cases contribute to improving the protection of personal…

Is the right to be forgotten practicable?

As discussed in a previous post, the new GDPR underlines the importance of the right to be forgotten, to some extent already present in the current Italian legislation. Here we want to think about the technical implications of this requirement. How much can the right to be forgotten cost organizations, in a society…

Results of the online Survey about Security and Privacy on mobile devices

As mentioned in the previous post, on November 13th the XI National Congress of ANSSAIF (National Association of Security Specialists in Companies of Financial Intermediation) was held in Rome, on the theme of ‘Digital Services, Security, Network – What knowledge and what tools to address new threats?’. The event, rich in illustrious and interesting interventions,…

The European Data Protection Supervisor opinion on the data protection reform

On August the 6th the EDPS gave his opinion on the data reform. The full text is available at the Consilium web site. The EDPS points out five high-level requirements: a better deal for citizens, meaning simplicity while understanding what is personal information and exercising their rights on personal data; all data processing should be both lawful and justified…

GDPR: ten steps to compliance

Following the European Parliament’s adoption of a “General Approach” in June 2015, negotiations over the regulation’s final form are in the pipeline. The adoption represents the final stage of the negotiations between the European Commission, the European Parliament and the EU Council of Ministers, which means the regulations are on track for being put in…

An international Privacy culture

The recent scandal of the data theft suffered by the Canadian extramarital dating website Ashley Madison caused astonishment and continues to have consequences: nearly 10 GB of data stolen by a hacker group, containing highly sensitive information about the private life of the users involved, whose lives have inevitably been affected merely for being part…

The PIA concept from directive 95/46 to the current draft of the EU – Conclusion

In two previous posts, I’ve presented some of the ideas for planning and execution of the PIA process and report. Risk assessment is a very useful tool for management decisions. Unfortunately some promote overly complex risk assessment methods that don’t help any management decision, but only increase the time and effort for analysis and don’t…

The PIA concept from directive 95/46 to the current draft of the EU – Part 2

Further developments

After the first wave of PIA methods, in the last two years, further ideas have been proposed. Unfortunately, they introduce complexity, instead of help for controllers, processors and operators. In 2014 the European Commission ruled on smart grids and promoted another model for PIAs. This model has theoretical errors (e.g. “feared events” and “threats”…