Category Archives: Impact, Risk and Measures

How to prepare to comply with GDPR

The GDPR was born one year ago (on the 27th April, published on GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply (the deadline is established on 25th May 2018). Some data protection authorities of the EU Member States have published…

Guidelines DPIA … for whom / for what ??

On 4.4.2017 the WP adopted the “Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679”; the question is why, for whom and for what. The answer is inside the document and is not a secondary matter because if…

The new European Regulation gives greater value and facilitation to scientific research.

Directive 95/46/EC deals with the subject in the following terms: The processing of personal data for scientific research purposes is not considered incompatible with other processing (art. 6). For scientific use, personal data may be stored for longer periods (art. 6). The provision of information to the data subject may not be given when…

Guidelines Data Protection Impact Assessment

On April 5, the “Article 29 Data Protection Working Party” published the “Guidelines on Data Protection Impact Assessment (DPIA)” in order to give a valid interpretation of art. 34 of the EU Regulation 2016/679. The document consists of 19 very dense pages (plus two attachments), having regard to the complexity of the matter. From guidelines it…

MIFID II and GDPR Regulations

Following the mandate given by the European Commission, the European Securities and Markets Authority (ESMA) published its final technical advice on MiFID II on 19 December 2014, and on MAR on 3 February 2015. On 10 February 2016, the European Commission confirmed one year delay to the MiFID II timetable. The new target for implementation…

GDPR in practice

Everybody is talking about GDPR in every session at Security Summit this year, whatever the topic, but in practice, what are companies doing to get prepared? Alessandro Vallega started from here to introduce the conference dedicated by Europrivacy to the new European Regulation, on the second day of the Summit organized by Clusit in Milan.…

UK institutional “data breach” … HSCIC asks for an inconsistent consent …

A recent decision of the Information Commissioner’s Office (https://ico.org.uk/) has manifested a fear that has affected the UK (and not only the UK) for years and that is the focus of the discussions between the associations for the protection of clients/patients/data subjects. The above document states that the British “Data Controller” has experienced an anomaly related to…