About security of the processing

By | Sunday June 14th, 2015

Amendment 124, Proposal for a regulation, Article 30, states:

1.  “The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing, taking into account the results of a data protection impact assessment (…), having regard to the state of the art and the costs of their implementation.”

In my understanding there are many interesting elements (my highlights and proposed discussion topics are in italics):

  • The security measures must be appropriate to the risks (the appropriateness is judged by them, in which cases, until when?)
  • The controller and processor shall (jointly and both of them?) take into account the results of a DP Impact Assessment (that shall be done)
  • Considering the state of the art (that means that a set of security measures adequate today might no longer be adequate tomorrow)
  • and also considering the costs of their implementation…

The latter point is the most interesting. Does this mean that it is possible not to adopt all the security measures suggested by the risk and DP Impact Analysis if these cost too much for a company?


About Alessandro Vallega

He has been working at Oracle since 1997 as Project Manager in large international ERP projects, and in IT since 1984. He is now Security Business Development Manager for Oracle Europe South, where he takes care of Security, Governance, Risk and Compliance. He has defined a European methodology to evaluate the data security degree of a data center and the advantages of identity and access management technology. He founded the Oracle Community for Security in 2007 and leads it, and in that context created several publications about security and privacy in the cloud, with mobile, in social media and in healthcare, and also on return on security investments, the role of the CISO, and how to prevent fraud. Since 2012 he has been involved in the creation of the annual Clusit ICT Security Reports. He is a member of AIEA and Cloud Security Alliance Italy, and is part of the Board of Directors of Clusit.
