Category Archives: Data Protection Officer

DPO “fulfilling other tasks” and “Conflict of interests” in WP29 Guideline wp243. ISACA Frameworks are helpful tools to better define internal segregation of duties.

On December 13 the WP29 adopted a guideline to better define the role of the DPO in the GDPR. The WP29 DPO Guideline, at point 3.5, states that: Article 38(6) allows DPOs to ‘fulfil other tasks and duties’ but ‘any such tasks and duties do not result in a conflict of interests’. WP29… Read More »

BODY IN CHARGE OF VIGILANCE AND CONTROL AND PRIVACY ROLES: GENERAL EVALUATION AND FIRST CONSIDERATIONS ON DPO’S PROCESSINGS.

Giancarlo Butti has raised the interesting topic of identifying the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent of the entity they supervise, even when they are part of it. Among them, Butti has chosen as an example the Organismo di… Read More »

Controller Organisms and Privacy Roles

The DPO’s position, as is known, has among its tasks (art. 39-1b): to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in… Read More »

Privacy risks related to technological and organizational obsolescence in healthcare

Personal health data are the set of information that can reveal a person's state of health and consist of personal medical history, results of instrumental and laboratory tests, diagnostic images, medical reports and other sensitive information. The nature of this data is to be at the center of the activities of health… Read More »

German GDPR implementing rules

Germany has released the second draft of a rule implementing the GDPR, which will replace the current national privacy legislation, the Bundesdatenschutzgesetz (BDSG), sitting alongside the GDPR itself. According to the Regulation, member states may legislate on specific matters, while respecting the general principles set out in the Regulation: Germany apparently is already doing so. In… Read More »

The role of Data Protection Officer in a healthcare organisation

Health data are processed in a very complex technological domain, often influenced by the presence of exceptions. These exceptions to the standard management processes add cost, complexity and redundancy to the system, worsening the proper functioning of healthcare organizations. The regulatory environment also does not provide the appropriate tools to attack the critical issues… Read More »

WP29 announces a “handbook” for the GDPR

The Working Party Article 29 spokeswoman Isabelle Falque-Pierrotin has set her team a challenging goal: to publish later this year a handbook for the practical application in companies of the changes introduced by the new European General Data Protection Regulation. The guidelines are necessary because “there are ambiguities in GDPR”. Clarifications have also been promised… Read More »

Survey GDPR. Need your help! (in Italian)

Europrivacy and Global Cyber Security Center have prepared an online survey on how companies are preparing for the GDPR. Please contribute by answering 25 simple questions! (in Italian) Results will be published by year end on the website and incorporated in the Clusit ICT Security report. The survey starts here: http://bit.ly/2dDOiqm Thanks to Elena Agresti and Giancarlo… Read More »