Data Breach Notification is not (always) Mandatory

Contrary to a widely shared belief, under the GDPR not all data breaches are created equal. Section 33, first paragraph, of the GDPR clearly says that:

In the case of a personal data breach, the controller shall … notify the personal data breach to the supervisory authority …, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. (emphasis added)


What it takes to become an effective DPO

I am actually sick of the attempts to cash in on the needs of professionals who want to get a proper DPO qualification, by proposing useless “seminars” or “masters” or “crash courses” that promise to turn people who have never approached data protection issues before into skilled DPOs. This is exploitation, like promising that in fifteen days you can be turned from a desk geek into somebody able to beat Mike Tyson in his prime.

The “certified” DPO and how to spot a useless one

With May 25, 2018 approaching, the number of (self-professed) “Certified DPOs” is growing at an astonishing pace.

Many of the companies that fall within the GDPR’s scope must include this role in their ranks, but HR or Legal departments are completely in the dark when it comes to setting out the criteria to evaluate a candidate’s fitness for the job.

Owning “Certifications” or a “Privacy Master Degree” is among the few ways candidates try to lure a company into hiring them.

About GDPR and Extraterritoriality

The extra-territorial aspect of the GDPR has been designed to mimic the criminal law approach used to punish crimes committed abroad by a national citizen. But while this approach works for criminal law, it doesn’t for civil (in the Continental meaning of the word) law, which is strongly based on the concept of jurisdiction (meant as the “geographical limit to the power of a sovereign State”). Under this principle, a law can’t extend its reach outside the boundaries of the State that passed it.