Non è più sufficiente gestire la Privacy in azienda tramite un’azione una tantum

“Non è più sufficiente gestire la #Privacy in azienda tramite un’azione una tantum: con il #GDPR il processo deve essere continuo. Sorge la necessità di strutturare un vero e proprio Modello Organizzativo Privacy.” - Il mio intervento al Convegno Privacy Unolegal 2018.

European Union Agency for Fundamental Rights Releases its “Handbook on European data protection law – 2018 edition”

The European Union Agency for Fundamental Rights has released the updated 2018 edition of the "Handbook on European data protection law" which provides us with an understanding of the European Union and Council of Europe's applicable data protection legal frameworks. The handbook is particularly useful in that in addition to providing an overview of EU data protection law, it ...

Data Protection as a Corporate Social Responsibility

I've been saying it for quite some time, but it is becoming ever-more clear that Data Protection in itself can represent a new form of Corporate Social Responsibility. No present or forthcoming legal framework (whether it be the EU’s much-discussed General Data Protection Regulation or new competition rules) will ever be able to effectively regulate our ...

The New Surinamese Privacy and Data Protection (SPDP) Law

On 3 May 2018 I officially presented the Surinamese Privacy and Data Protection (SPDP) Law to the Parliament. The reaction was positive and Members of the Parliament were interested in understanding the key provisions of the SPDP Law, acknowledging the need in the country to establish the fundamental right to personal data protection and, more ...

#CoE Treaty No.108: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data

The Council of Europe Committee of Ministers has approved the modernisation of Treaty No. 108, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. The amending protocol will be formally adopted next week by the  Committee of Ministers  during their annual ministerial session on 18 May 2018 in Elsinore (Denmark). In it's Summary Report on co-operation between the ...

Coordinated approach to #ArtificialIntelligence for Europe

On April 25th the European Commission published an official communication "Artificial Intelligence for Europe {SWD(2018) 137 final}" in which it stressed the importance of having a coordinated approach to AI in order to take full advantage of the benefits that it can bring to EU member states and to society in general. In fact, in early April 24 ...

Italian DPA prohibits companies from using software that monitors employees

On 8 March 2018, the Italian Data Protection Authority banned any further processing activities of the Customer Care employees’ data, carried out by an important Italian telecommunication company through a software (namely, Salesforce Arcadia) that handled the calls to subscribers. The software not only processed n data related to the calls of the customers and their ...

The Italian Garante on the Data Protection Officer in the private sphere

On 26 March 2018, the Italian Data Protection Authority published its new “frequently asked questions”  related to the figure of the Data Protection Officer (DPO) in the private sphere. The FAQs are a useful tool that can provide addition clarification regarding the figure of DPO together with the Article 29 Working Party (“WP29”) Opinion on ...

#Art29WP Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP's position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the article ...