Category Archives: Data Protection Officer

Data Protection Officer, close to a unified certification scheme … and more

After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,… Read More »

Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29

Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29, proposing some observations and a specific question. In particular, comments concerned the “conflict of interest”, fundamental element of which the guidelines exemplify the features in instances where the DPO role is appointed to a natural person within the company organization, although omitting… Read More »

A “sustainable and effective” Privacy for SMEs

Among the speeches at the GDPR conference held at Politecnico University in Milan on 17/1 (see HERE for full report), particularly enlightening i found the one by Sergio Fumagalli (Coordinator of Europrivacy), dedicated to the impact of GDPR on SMEs. The reasoning was prompted by the need to contextualize the application of regulations to the… Read More »

Relevance and cost of the Data Protection Officer in healthcare organizations

The legislation fixes the data protection as a general problem of high priority, and obliges organizations address data protection seriously and consciously, outlining the tools and strategies to get organized coherently and do their part to counter this risky situation. The GDPR defines an approach for the creation of a system in which information security is… Read More »

GDPR guest star at Politecnico University

Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) has anticipated some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »

DPO “fulfilling other tasks” and “Conflict of interests” in WP29 Guideline wp243. ISACA Frameworks are helpful tools to better define internal segregation of duties.

The WP29 adopted on December 13 a guideline, in order to better defining to the role of the DPO in the GDPR. WP29 DPO Guideline, at 3.5. point states that: Article 38(6) allows DPOs to ‘fulfil other tasks and duties’ but ‘any such tasks and duties do not result in a conflict of interests’. WP29… Read More »


Giancarlo Butti has proposed the interesting topic concerning individuation of the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent to the entity they supervise, even when being part of it. Among them, Butti has chosen as example the Organismo di… Read More »

Controller Organisms and Privacy Roles

DPO’s position, as is known, has among its tasks (art. 39-1b): to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in… Read More »