Tag Archives: risk assessment

The new European Regulation gives greater value and facilitation to scientific research.

Directive 95/46/EC deals with the topic in the following terms:

- The processing of personal data for scientific research purposes is not considered incompatible with other processing (art. 6)
- For scientific use, personal data may be stored for longer periods (art. 6)
- The provision of information to the data subject may not be given when…

Terminology differences between D.lgs 196/2003 and GDPR Regulation (EU) 2016/679

One of the benefits introduced by the GDPR is the harmonization of terminology at the European level. However, there is a noticeable disadvantage regarding the roles involved, when moving away from the Italian scheme of D.Lgs. 196/2003 and considering the linguistic difference. …

GDPR guest star at Politecnico University

The Aula Magna was packed and audience interest was high on 17/1 at the conference dedicated to the GDPR by the Information Security & Privacy Observatory of Politecnico University in Milan. In his introduction, Alessandro Piva (Observatory Director) previewed some results of the Research that will be presented on 2/2, which shows the breadth and diversity of threats,…

The Health Technology Assessment (HTA) approach

Giving citizens reliable health data that is secure and easy to use is not possible without an overview of all the business processes. These can be standardized and simplified if the critical issues are identified, evaluated and removed. In conducting information security governance, healthcare organizations can make use of the methodological approach of…

Is retrofitting enough to make current solutions compliant?

We are often tempted to reuse a significant portion of existing solutions and processes when information systems are forced to adhere to new regulatory requirements. This is usually not prevented, and is indeed advisable in many cases; nevertheless, in the case of the new GDPR, any simple and hasty approach would seem unsuitable and misleading. This especially…

GDPR: from obligation to opportunity

The GDPR, in its final version just approved by the EU Commission, Parliament and Council, introduces important changes in the responsibilities and procedures for the protection and management of personal data within the EU. Just think of the introduction of data breach, privacy by default, the obligation to define, document and monitor the framework adopted to protect…

A risk assessment model regarding the personal data processing in electronic communications

Announcing the publication in the 2015 issue of the magazine “La Comunicazione – Note, Recensioni e Notizie” (Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione) of an article: Un modello per la valutazione dei rischi relativamente al trattamento dei dati personali nelle comunicazioni elettroniche (A risk assessment model regarding the personal data processing in electronic communications) by Alberto…

The French Data Protection Authority publishes its PIA manual

New guides for carrying out PIAs (Privacy Impact Assessments) have been published by the CNIL. The method will help data controllers implement Privacy by design. A PIA (Privacy Impact Assessment) relies on two pillars:

- The fundamental principles and rights, “non-negotiable”, fixed by law and that have to be complied with. They may not…

New EU Regulation requires a more structured approach to personal data security

The New Regulation, through art. 30 and 33, implicitly stresses the concept of “process for security management”, imposing a holistic and risk-based approach to the protection of personal data that takes into account important technological and behavioral changes that have happened in the last few years (Cloud, Big Data, Social Networks, right to oblivion, right to data…