Giancarlo Butti has proposed the interesting topic concerning individuation of the role assigned to bodies in charge of vigilance and control within instances of personal data processing; these bodies are by their nature independent to the entity they supervise, even when being part of it. Among them, Butti has chosen as example the Organismo di… Read More »
Out of the 4 guidelines promised by the FabLab by year-end, the WP29 adopted on December 13 the first one, dedicated to the role of the DPO. It does not obviously contain new regulations but interpretations, examples and best practices, highly desirable because (as stated by the WP29 itself) the GDPR contains several ambiguities. I… Read More »
We are not obviously talking about technical roles, endowed with administrative privileges, but rather about roles stated with Decision of Italian DPA: Measures and precautions prescribed to data controllers of electronic processes concerning functions of the system administrator – November 27 2008 and subsequently modified with decision on June 25th 2009. Such Decision, as is… Read More »
Germany has released the second draft of a rule implementing the GDPR, which will replace the current national Privacy legislation Bundesdatenschutzgesetz (BDSG), setting alongside the GDPR itself. According to the Regulation, member states may legislate on specific matters, while respecting the general principles set out in the Regulation: Germany apparently is already doing it. In… Read More »
Art. 24 Sanctions of the Directive 95/46 recital “The Member States shall adopt suitable measures to ensure the full implementation of the provisions of this Directive and shall in particular lay down the sanctions to be imposed in case of infringement of the provisions adopted pursuant to this Directive.” did not gave any specific criteria to… Read More »
The FabLab Group (established by WP29) drew up the summary document that will lead to issue best practices and guidelines about: the role of the DPO, Data Portability, DPIA and criteria on the Privacy Certification. As for the DPO, as you may have already had occasion to read, I am among those who support the… Read More »
We all are so concentrated on the new EU Regulation that we disregard easily what is going on in the rest of the world. Hereafter you can find some news from far east and far west: all over the world private data protection and security are getting more and more relevant for policy makers, citizens… Read More »
One of the faults of the current legislation, that has been maintained in GDPR, is the use of the same term for both the internal data processors in an organization (usually managers or officials) or external ones (generally outsourcers companies or service providers). Leaving out the current consequences of these definitions we take into account… Read More »
We can go on discussing about the role and collocation of the Data Protection Officer within the company, considering the new European Privacy Regulation. And we will. But when Luca Bolognini takes a stand, then the chatter end. Tuesday, 10/05 in Turin for the conference “The European Regulation Policy inside the Company” organized by Sistemi… Read More »
The Regulation 2016/679 (GDPR) introduces a new role: the Data Protection Officer (DPO). Mandatory for some categories of Controllers and Processors and optional for the remaining ones (see article 37), the DPO plays a peculiar role within the controller’s organization. The GDPR defines the main DPO tasks (article 39 for details): inform and advice …, monitor… Read More »