Author Archives: Pastore

About Pastore

Maurizio Pastore career encompassed different fields of Information and Communication technology (sw development, network and system management), operating in different vertical markets (manufacturing, telecommunication, public administration). In the last five years he was focused on information security and privacy. Since 2012 he acts as Data Privacy Officer and as Chief Information Security Officer in Liguria Digitale, the Regione Liguria ICT company.

WP art. 29 published a document about transparency and Information to be provided

WP art.29 published on public consultation wp260  titled “Guidelines on transparency under Regulation 2016/679”. This document details how to comply with art. 12 to 22 and 34. Great attention is devoted to art.13 and art. 14.. WP art.29 on paragraph 2 make clear that privacy statements/ notices shall comply with Transparency, as expressed is in the document,… Read More »

Italian DPA forces an Italian Party to update its CMS

Recently the Italian Data Protection Authority obliged an italian party Movimento Cinque Stelle to update its web site Content Management System, reserving the right to apply administrative sanctions  ex art. 162 of Italian Privacy Code dlgs. 196/2003 vedi http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/7400401 How many companies have their site CMS out of date? Perhaps it is better to hurry up.

Controller and Processor standard clauses

The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données : un guide pour accompagner les sous-traitants” and “Directrices para contratos responsable – encargado” respectively. Furthermore the English DPA (ICO) has published a draft gdpr contracts guidance. These have a positive impact… Read More »

A checklist to adapt to GDPR

Adapting to GDPR can be a rather complex task: is a substantial Regulation composed of 99 articles and 173 recitals. I thought useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance. As with all summaries, of course,… Read More »

How to prepare to comply to GDPR

The GDPR was born one year ago (on the 27th April, published on GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply to (the deadline is established on 25th May 2018). Some data protection authority of each EU Member State have published… Read More »

The new European Regulation gives greater value and facilitation to scientific research.

The Directive 95/46/EC deal with the argument in the following terms: The processing of personal data for scientific research purposes is not considered incompatible with other processing (art. 6) For scientific use, personal data may be stored for longer periods (art. 6) The provision of information to the data subject may not be given when… Read More »

Fines are higher for individual rights violations rather than poor data protection

Art. 24 Sanctions of the Directive 95/46 recital “The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.” did not gave any specific criteria to… Read More »

Trilogue is going on but with secrecy

Trilogue is going on: here you can find all produced documents. They decided to hidden the final text that come out in trilogue technical meetings. Today (24/10/15) the only browsable document (http://www.consilium.europa.eu/register/en/content/out/?&typ=ENTRY&i=ADV&DOC_ID=ST-12404-2015-INIT) is about Chapter VI and VII and most of the content is intentionally left blank. The relevant information is that works are going on. Presidency… Read More »