Tag Archives: what to do

How to prepare to comply to GDPR

The GDPR was born one year ago (on the 27th April, published on GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply (the deadline is set for 25th May 2018). Some data protection authorities of the EU Member States have published…

Data Protection Officer, close to a unified certification scheme … and more

After more than a year of work, the draft of a national UNI/UNINFO standard defining profiles and competences of data protection and processing professionals reached its final public inquiry stage. One of the declared goals is to bring common, shared rules to avoid a “far west” effect on a market already crowded by proprietary initiatives,…

Costs and security

The GDPR allows the controller to also take into account the cost of the security measures required to comply: article 32 says “Taking into account the state of the art, the costs of implementation…”. Compared to the current legislation, this is strongly innovative, at least in Italy. “Taking into account the costs” is a…

GLOBAL GDPR READINESS: CIPL REPORT

As is widely known, the European Union General Data Protection Regulation, which replaces Directive 95/46/EC, will come into force in May 2018 and will bring relevant changes to all stakeholders: DPAs, individuals, controller and processor organizations. In order to help organizations understand the key operational impacts of the regulation and to stimulate their internal change,…

Will SME comply to GDPR?

Comments seem to appreciate the GDPR: consulting companies think of the huge amount of services that top enterprises will require; tech vendors follow. Here is the point: large banks, top insurers, international B2C operators, telcos, large internet players: these are the ones that are expected to comply. Or to have to comply. But this is…

DPO: better a service or an employee?

Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advise …, monitor…

12-step action plan for GDPR

The EU General Data Protection Regulation (GDPR) is causing concern for companies as they struggle to plan for its implementation, according to the latest survey to be published (registration required). The survey, conducted by Blancco Technology Group, covered 511 individuals working in companies with up to 10,000 employees. It throws some interesting light on…

Personal data protection. The EU GDPR text has been approved: and now? Conference on January 29th 16

Last December, the Commission of the EU Parliament in charge approved the final text of the new General Data Protection Regulation (GDPR), thus closing the negotiation among EU Parliament, Commission and Council (the so-called trilogue). Now only some formal approval steps are still missing to have it in force. Steps that should be completed…

Coming soon: Jan. 29 2016 the first meeting on GDPR

Europrivacy.info is organizing a meeting to start talking and working on the recently approved text of the GDPR on January 29 in Milan. This is just a “save the date”: more info will follow soon.

Standard about privacy

ISO, the International Organization for Standardization, has already issued a set of guidelines and frameworks that anticipate the European Regulation on privacy. The main standards already published are: ISO/IEC 29100:2011 Information technology – Security techniques – Policy framework; ISO/IEC 29101:2013 Information technology – Security techniques – Privacy architecture; ISO…