Category Archives: Impact, Risk and Measures

External data processors: long-term partnership or do not take responsibility?

Finally, the GDPR highlights situations of disorganization. We are witnessing attempts to carry out what has not been done so far, especially from the point of view of operational concreteness. In drafting the treatment register, the problem emerges of assessing the appointments of external data processors. I have observed that some…

WP art. 29 published a document about transparency and Information to be provided

WP art. 29 published for public consultation WP260, titled “Guidelines on transparency under Regulation 2016/679”. This document details how to comply with art. 12 to 22 and 34. Great attention is devoted to art. 13 and art. 14. In paragraph 2, WP art. 29 makes clear that privacy statements/notices shall comply with Transparency, as expressed in the document,…

Controller and Processor standard clauses

The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données : un guide pour accompagner les sous-traitants” and “Directrices para contratos responsable – encargado” respectively. Furthermore, the English DPA (ICO) has published a draft GDPR contracts guidance. These have a positive impact…

WILL THE CONSENT COLLECTED BEFORE THE EFFECTIVE DATE OF GDPR STILL BE VALID?

The “Guide on the Application of the European Personal Data Protection Regulation” published by the Italian DPA states, in the “Recommendations” at the foot of the consensus form, that: “The consent obtained before May 25, 2018 remains valid if it has all of the above characteristics. Otherwise, it is appropriate to work before that date…

Article 29 Data Protection Working Party Guidelines on Data Protection Impact Assessment (DPIA)

Last April 4, the Article 29 Data Protection Working Party (WP 29) adopted Guidelines on Data Protection Impact Assessment, first of all defining common criteria for all data controllers, which can support the identification of processing operations that require a data protection impact assessment. This is because it is not compulsory in…

A checklist to adapt to GDPR

Adapting to GDPR can be a rather complex task: it is a substantial Regulation composed of 99 articles and 173 recitals. I thought it useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance. As with all summaries, of course,…