Category Archives: Roles and Liabilities

External data processors: long-term partnership or do not take responsibility?

Finally, the GDPR highlights situations of disorganization. We are witnessing attempts to carry out what has not been done so far, especially in terms of operational concreteness. In drafting the processing register, the problem emerges of assessing the appointments of external data processors. I have observed that some…

The ‘good officer’ that controls our data. How to appoint a DPO

The appointment of the Data Protection Officer (DPO) is one of the most controversial points in the implementation of the new Regulation (EU) 2016/679 on data protection. The Data Protection Authority provides guidance on this matter through a series of FAQs. The DPO is a key figure that is mandatory for public and private health facilities…

Controller and Processor standard clauses

The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données : un guide pour accompagner les sous-traitants” and “Directrices para contratos responsable – encargado” respectively. Furthermore, the English DPA (ICO) has published a draft GDPR contracts guidance. These have a positive impact…

WILL THE CONSENT COLLECTED BEFORE THE EFFECTIVE DATE OF GDPR STILL BE VALID?

The “Guide on the Application of the European Personal Data Protection Regulation” published by the Italian DPA states, in the “Recommendations” at the foot of the consent form, that: “The consent obtained before May 25, 2018 remains valid if it has all of the above characteristics. Otherwise, it is appropriate to work before that date…

Clinical trials and GDPR

Clinical trial data are the data most frequently processed by pharma and medical device companies; trial centres are also involved in this data processing. Under data protection legislation, pharma and medical device companies are controllers and trial centres are processors, most of the time. But these roles are not always clear. In the WP…

The authentication process in Personal Health Record service

From a privacy perspective, SPID (the Italian Public Service for Digital Identity) is compliant with the GDPR, because it is a precaution to protect personal data (Art. 32). Currently, in many online Personal Health Record services, it is possible to perform authentication by Level 2 of ISO/IEC DIS 29115 (Level of Assurance 3 (LoA3)) and…

A checklist to adapt to GDPR

Adapting to the GDPR can be a rather complex task: it is a substantial Regulation composed of 99 articles and 173 recitals. I thought it useful, at least for me, to draw up a reasoned summary that guides the thought process of working out whether and how to adjust business procedures to achieve compliance. As with all summaries, of course,…

How to prepare to comply to GDPR

The GDPR was born one year ago (on 27th April, published in the GUE on 4th May 2016) and many have not yet outlined an adjustment plan. There is only one year left to comply (the deadline is set for 25th May 2018). Some of the data protection authorities of the EU Member States have published…

The new European Regulation gives greater value and facilitation to scientific research.

Directive 95/46/EC deals with the topic in the following terms: the processing of personal data for scientific research purposes is not considered incompatible with other processing (art. 6); for scientific use, personal data may be stored for longer periods (art. 6); the provision of information to the data subject may not be given when…