A checklist to adapt to GDPR

By | Friday May 12th, 2017

Adapting to GDPR can be a rather complex task: it is a substantial Regulation composed of 99 articles and 173 recitals. I thought it useful, at least for me, to elaborate a reasoned summary, which directs the mental process to see if and how to adjust business procedures to achieve compliance.

As with all summaries, of course, details can be lost and there may/must be a compromise between completeness, accuracy, and simplicity.

To realize it, I chose a decision tree model, made with two points of view, both designed for an EU resident:

Data Controller (cf. attachment 1)

Data-CONTROLLER-decision-tree-model

Data Processor (cf. attachment 2)

Data-PROCESSOR-decision-tree-model

 

I invite readers to give suggestions, especially on what I presented about the Data Processor: the GDPR is (properly) focused on the Data Controller, while the Data Processor is merely described in terms of its relations with the Data Controller; therefore, it was impossible to immediately determine a thinking scheme.


About Pastore

Maurizio Pastore's career has encompassed different fields of Information and Communication Technology (software development, network and system management), operating in different vertical markets (manufacturing, telecommunication, public administration). In the last five years he has focused on information security and privacy. From 2012 he acted as Data Privacy Officer and as Chief Information Security Officer in Liguria Digitale, the Regione Liguria ICT company. Since 2016 he has focused on Privacy & Security Services for Liguria Digitale customers. He is currently the DPO for Azienda Ospedaliera S.Luigi Orbassano, ASL TO4, ASL TO5, AISM, FISM, Città Metropolitana di Genova.
