Gdpr & Privacy

The GDPR requires companies and professionals to comply with various obligations regarding the personal data processing.

The Trans-Atlantic Data Privacy Framework is the result of more than a year of negotiations between the European Union and the United States and intends to provide a solid and lasting way for transatlantic data transfer

Art.17 GDPR is about the right to be forgotten. This right is a fundamental part of privacy protection.

Whistleblowing refers to the spontaneous disclosure by an individual, who witnesses an offense or irregularity, potentially harmful to the community, committed within the organization for which it works. How does GDPR protect the whistleblower?

Blockchain is useful technology and have some elements in common with GDPR.

A data breach occurs when a company is responsible for people’s personal data and suffers a security problem resulting in a violation in terms of confidentiality, availability or integrity.

What are the biggest challenges that Big Tech companies face in managing privacy while doing business in the EU? How can they overcome them?

GDPR’s Art. 39 designates the Data Protection Officer as the person in charge to manage, process and safeguard third parties’ private data, in compliance with data protection laws. Organisations dealing with large scale personal data processing must hire a Data Protection Officer considering the skills required to best fulfill the main responsibilities of this professional. Some example of large scale data processing concern hospitals patients data or banks customer data. The main Data Protection Officer’s tasks are the training of the personnel on data processing, the conduction of compliance audits and the interaction with data subjects and GDPR supervisory authorities for informational and organisational reasons.

The GDPR is a reference when dealing with data breach, that is a violation that leads to the destruction, loss, modification, unauthorized disclosure or unauthorized access of personal data

Dark patterns are interfaces designed to push users taking unaware or unwanted actions, potentially dangerous for individual privacy. The European Commission works on tackling and regulating these “deceptive design patters”; in fact, European Data Protection Board published guidelines to recognize and deal with dark patterns, especially highlighting the relevance of GDPR’s Articles 5 and 25, where the first regards the principles of fair treatment, transparency, purpose limitation and data minimization, and the second establishes essential data protection design requirements to build an interface and avoid deceptive patterns.