“The effectiveness of the GDPR: practical aspects in light of the new Privacy legislation”
February 20, 2019
Milan – NH Milano Machiavelli, Via Lazzaretto, 5.
The meeting – with Maria Roberta Perugini, Giancarlo Butti, Anna Rita Popoli, Matteo Gattola and Fabio Verna – aims to be a moment of debate focused on key aspects of the practical implementation of the GDPR and the national coordination legislation (Legislative Decree No. 101 of 2018).
We will try to address these (and many other) questions:
- What are the most frequent mistakes during the selection of the DPO?
- How does the selection of the DPO affect the data controller’s accountability?
- How should the remuneration of the DPO be quantified? To what extent is the remuneration relevant in assessing the compliance of the data controller?
- If the DPO is incompetent, has a conflict of interest, or works for too many data controllers, what are the legal consequences for the data controller? And for the DPO itself?
- What kind of liability issues can a DPO face? Are they different for internal and external DPOs?
- How does the content of the contract between the data controller and the DPO affect their respective liabilities?
- What is the difference, in terms of the processing of personal data, between the DPO and other supervisory and compliance bodies? And what connections are there between the concerned data flows?
- Is the DPO a data controller for the data processing carried out in the performance of his duties?
- How does the data controller monitor the work of the DPO? What checks should he perform?
- Do the new persons who, under the direct authority of the controller or processor, are authorised to process personal data correspond to the old persons in charge (“incaricati”)?
- What characteristics should they have?
- How should the authorization be drafted? And what are the consequences of data processing without authorization?
- What is meant by “designazione” (designation) (Article 2-quaterdecies, Legislative Decree No. 196/2003)? Do the processors fall within this definition?
- What is the relationship between data processing authorization and data processing instructions?
- Is training required by law? If not, is it necessary? What should it cover, and what is the best way to deliver it so that it is effective?
- What tools can help the data controller to check the correctness of its compliance process?
- What benefits, including financial ones, can result from correct privacy compliance?