Category Archives: Data Protection Officer

Cyber Crime and Compliance at Milan Politecnico

Cyber crime attacks get the headlines, but ultimately compliance remains the main driver of IT security spending, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat…

Data Protection Officer, close to a unified certification scheme … and more

After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,…

Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29

Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29, proposing some observations and a specific question. In particular, the comments concerned the “conflict of interest”, a fundamental element whose features the guidelines exemplify for cases where the DPO role is assigned to a natural person within the company organization, although omitting…

A “sustainable and effective” Privacy for SMEs

Among the speeches at the GDPR conference held at Politecnico University in Milan on 17/1 (see HERE for full report), I found particularly enlightening the one by Sergio Fumagalli (Coordinator of Europrivacy), dedicated to the impact of GDPR on SMEs. The reasoning was prompted by the need to contextualize the application of regulations to the…

Relevance and cost of the Data Protection Officer in healthcare organizations

The legislation establishes data protection as a general problem of high priority and obliges organizations to address it seriously and consciously, outlining the tools and strategies to get organized coherently and do their part to counter this risky situation. The GDPR defines an approach for the creation of a system in which information security is…

GDPR guest star at Politecnico University

A packed Aula Magna and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction, Alessandro Piva (Observatory Director) previewed some results of the research that will be presented on 2/2, which shows the breadth and diversity of threats,…

DPO “fulfilling other tasks” and “Conflict of interests” in WP29 Guideline wp243. ISACA Frameworks are helpful tools to better define internal segregation of duties.

On December 13 the WP29 adopted a guideline to better define the role of the DPO in the GDPR. At point 3.5, the WP29 DPO Guideline states that: Article 38(6) allows DPOs to ‘fulfil other tasks and duties’ but ‘any such tasks and duties do not result in a conflict of interests’. WP29…