The text of the new Regulation on Personal Data Protection contains explicit references to the concept of “accountability”, a concept not expressly contained in Directive 95/46/EC, but partially anticipated by the Art. 29 Data Protection Working Party in Opinion no. 3/2010. Primarily, art. 5 of the GDPR identifies the Data Controller as the person responsible… Read More »
Regulation no. 679/2016 introduces a regulatory framework entirely focused on the duties and “accountability” of the Data Controller, reversing the perspective of the reference framework for personal data protection. Directive 95/46/EC, in fact, was entirely centered on the rights of the data subject, whereas the text of the new Regulation is mainly developed on processes,… Read More »
The Regulation reinforces the responsibilities of Data Controller and requires evidence that the treatment carried out complies, from the early stages, with all the provisions of the Regulation. The Data Controller is also required to keep documentation of the treatments carried out under its responsibility, mandatorily indicating, for each of them, the information that ensure… Read More »
The Regulation provides for the possibility for Data Controllers and Data Processors to use certification, i.e. services designed to provide reliable evidence of compliance in terms of data protection (definition, implementation and review of appropriate measures). Regarding the Processor, the text provides that the guarantees that the Processor must provide to be appointed as such… Read More »