Category Archives: Roles and Liabilities

GDPR in practice

Everybody is talking about the GDPR in every session at the Security Summit this year, whatever the topic, but what are companies actually doing in practice to get prepared? Alessandro Vallega started from this question to introduce the conference dedicated by Europrivacy to the new European Regulation, on the second day of the Summit organized by Clusit in Milan.… Read More »

How to engage processors

Articles 28 and 29 of the GDPR require that a processor be engaged “by a contract or other legal act”. Such a document must include: the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects; the confidentiality agreement; assurance that… Read More »

Terminology differences between D.lgs 196/2003 and GDPR Regulation (EU) 2016/679

One of the benefits introduced by the GDPR is the harmonization of terminology at European level. A disadvantage, however, can be seen in the roles involved, when moving away from the Italian scheme of D. Lgs. 196/2003 and considering the linguistic differences.… Read More »

Transparent information: a right of the data subject, not bureaucracy

Article 12 of the GDPR, “Transparent information, communication and modalities for the exercise of the rights of the data subject”, obliges the controller to provide data subjects with all necessary information in a concise, comprehensible and easily accessible form, using simple and clear language, in particular in the case of information aimed specifically at… Read More »

Mandatory appointment of Data Protection Officer: the Working Party’s position pursuant to art. 29

On 13 December 2016 the European Data Protection Supervisor (Working Party – WP29) issued three documents containing information and recommendations on important novelties of the Regulation (right to data portability, D.P.O., Lead Authority), in view of its application, effective from 25 May 2018. With regard to the Data Protection Officer, the guidelines first highlight that the… Read More »

Cyber Crime and Compliance at Milan Politecnico

The headlines go to cyber crime attacks, but ultimately compliance remains the main driver of IT security spending, at least for SMEs. That is what emerges from the 2016 Survey by the Information Security & Privacy Observatory of the Milan Politecnico School of Management, presented on 2/2 at the conference “Cyber Crime: the invisible threat… Read More »

GDPR guest star at Politecnico University

Aula Magna packed and great audience interest on 17/1 for the conference dedicated to the GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction Alessandro Piva (Observatory Director) previewed some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,… Read More »

Costs and security

The GDPR allows the controller to also take into account the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation this is strongly innovative, at least in Italy. “Taking into account the costs” is a… Read More »

Body in charge of vigilance and control and privacy roles: general evaluation and first considerations on DPO’s processings

Giancarlo Butti has proposed the interesting topic of identifying the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent of the entity they supervise, even when they are part of it. Among them, Butti has chosen as an example the Organismo di… Read More »