Category Archives: Privacy & identity

The penalties foreseen by the Regulation


The Regulation 679/2016  foresees which breaches should be sanctioned and the maximum applicable costs. In order to evaluate the appropriate costs, it is necessary to take into account several parameters but the measures taken by the controller have a relevant importance. In establishing the administrative sanction, the technical and organizational measures adopted by the controller […]

Data protection and computer security


The adoption of efficient measures of personal data protection has a relevant effect also on the protection of all the informative asset of a company which represents an inestimable value. Therefore, setting up a computer security system is necessary not only to fulfill a legal obligation but also to be defended against the likelihood of […]

The controller’s responsibility


The Regulation is based on the accountability principle of the controller of the processing. The Accountability principle foresees that the controller should adopt measures which guarantee a processing in accordance with the Regulation and that should demonstrate its concrete actualization and its objective effectiveness. The performance criterion was already known in the Italian legal system […]

The “legal basis” of the data processing and the consent


The Regulation assumes that data processing is illicit if there is no legal basis consenting it. The consent is no longer the only legal basis. There are other basis which are placed on an equal footing to consent. The legal basis is different whether it deals with general or sensitive data. The legal basis for […]

  • Elsewhere