First GDPR sanctions are underway: the German case

On 22 November 2018, the Baden-Württenberg Data Protection Authority (LfDI) announced, with a press release available here in German, of having imposed a € 20.000 sanction on the chat site Knuddels.de, for breach of Art. 32 of the GDPR. Knuddels is an online chat service that was popular in the 2000s, before the Facebook era.… Read More »

101 … but not only!

Before the Legislative Decree 101/2018 (the official text can be found at the following address: http://www.gazzettaufficiale.it/eli/id/2018/09/04/18G00129/sg.) capture us totally, I report herebelow the extremes of two recent and relevant judgments published during the summer, and concerning to areas of particular interest for those working daily with Data Protection – that is, the scope of marketing… Read More »

External data processors: long-term partnership or do not take responsibility?

Finally, the GDPR highlights the situations of disorganization. We are witnessing the attempts to carry out what has not been done so far, especially from the point of view of operational concreteness. In drafting the treatment register, emerges the problem of the assessment regarding the appointments of external data processor. I have observed that some… Read More »

The butcher and privacy

In the past few days, a picture circulating around showed a poster in a butcher shop that said: In our butchery, we could sometimes ask your name and remember your tastes in terms of meat. If this annoys you, please enter shouting: “I deny my consent”. From now on, we’ll pretend not to know you.… Read More »

Record of the processing activities: semplification for SME

At the AssoDPO Congress, Luigi Montuori (Authority’s office), talking about the most recent WP29’s activities, cited a recent “position paper” on the exemption from the Records of processing activities. I remind that article 30(5) states: “The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer… Read More »

Survey on compliance status

We have created a survey (in Italian) to collect information about the GDPR projects status of the Italian companies. It’s made of only 13 simple questions and it takes no longer than 3 minutes to fill – well… if you know Italian 🙂 This is the link: https://survey.clusit.it/C4S-GDPR/?FROM=020 Data collected is completely anonymous. The survey it’s… Read More »

DPO

Less than a month before the GDPR  coming  into force, it happens more and more often to see discussions, both online and during conferences, about the DPO’s role, its skills and competencies  , its operational activities, the fact that she/he can or can’t do his job effectively in the company where the GDPR has been… Read More »

Some news from the website of Italian Data Protection Authority

In these last days, the privacy Italian Data Protection Authority’s website has published some important news visible at the following links http://garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/8036793 http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/7322292 http://194.242.234.211/documents/10160/0/Guida+all+applicazione+del+Regolamento+UE+2016+679.pdf It is about: 1)      New Faq on the DPO 2)      Model of data communication of the DPO ex article 37 paraf. 7 GDPR 3)      Guide to the application of EU Regulation… Read More »