On 13 December 2016 the European Data Protection Supervisor (Working Party – WP29) issued three documents containing information and recommendations on important novelties on Regulation (right to data portability, D.P.O., Leading Authority), in view of its application, effective from May 25, 2018. With regard to the Data Protection Officer, the guidelines first highlight that the… Read More »
Many clients of mine (public and private hospital, pharma and medical device companies..) are thinking to appoint an internal ICT Manager as DPO. I guess this decision could not be in compliance with the GDPR requirements for the reasons below. The GDPR art. 37 states that: The data protection officer shall be designated on the… Read More »
The headlines go to the Cyber Crime attacks, but ultimately the Compliance remains the main expense leverage in IT security, at least for SMEs. That’s what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More »
After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,… Read More »
Europrivacy has contributed to the public consultation concerning DPO’s guidelines issued by WP29, proposing some observations and a specific question. In particular, comments concerned the “conflict of interest”, fundamental element of which the guidelines exemplify the features in instances where the DPO role is appointed to a natural person within the company organization, although omitting… Read More »
By 25th may 2018, the controller and the processor, as required by Article 37 of the GDPR – General Data Protection Regulation, shall designate a data protection officer in three specific cases: a) where the processing is carried out by a public authority or body; b) where the core activities of the controller or the… Read More »
Several developments for the professional certifications (DPOs among them) and for controller/processor certification are being built. Which one of them will win the race is still not so clear … let’s try to assess the situation (italian only): Il dpo e gli schemi di certificazione dei trattamenti from Fabio Guasconi
Among the speeches at the GDPR conference held at Politecnico University in Milan on 17/1 (see HERE for full report), particularly enlightening i found the one by Sergio Fumagalli (Coordinator of Europrivacy), dedicated to the impact of GDPR on SMEs. The reasoning was prompted by the need to contextualize the application of regulations to the… Read More »
The legislation fixes the data protection as a general problem of high priority, and obliges organizations address data protection seriously and consciously, outlining the tools and strategies to get organized coherently and do their part to counter this risky situation. The GDPR defines an approach for the creation of a system in which information security is… Read More »
Aula Magna packed and great audience interest on 17/1 for the conference dedicated to GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) has anticipated some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »