Presentation by the Italian Supervisory Authority at Data protection in the Western Balkans and the Eastern Partnership Region. High-level exchange and learning week organised by SIGMA, GIZ, RCC and ReSPA.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
The GDPR: What About Data Stored or Transmitted Outside the EU?TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
The GDPR: What About Data Stored or Transmitted Outside the EU?TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
Asia Counsel Insights gives readers a concise insight into legal and business developments in Vietnam. This edition has news on: the new law on Cybersecurity; the new law on access to Government information; the new decree on foreign investment in the education sector; and the new circular on health care subsidization.
The Presentation is a preliminary comment of The Hague Court decision published on March 6th 2020 aka "SyRI Case". The author considers the possibility to use the Dutch approach to automatic data management in the field of taxation as a possible benchmark for other jurisdictions too.
This is an UNREVISED version and contains some typos and data in need of double check.
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
Anticorruption, data protection, confidential information and intellectual property rights, patient safety, competition and antitrust law, sales and marketing ethics - all among the issues presented here are at the forefront of legal challenges faced by international law firms in the healthcare sector, around the world.
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
General Data Protection Regulations (GDPR) Summary Compliance3
GDPR is an EU regulation that will apply to any business with its customers based within the EU. It is a transformative piece of legislation. Compliance3 has released a summarising document so you can interpret it how you please and see what the impact will be on your business.
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
This webinar provides an overview of:
- The principle of accountability and what it means
- Applying the principle of accountability
- Developing policies and procedures that comply with the Regulation
- Raising GDPR awareness and providing employees with training
- The board's responsibility to appoint a dedicated data privacy team of DPO
- The requirement to conduct data privacy audits and impact assessments
A recording of this webinar is available here:
https://www.youtube.com/watch?v=6KGeMwz7jro&feature=youtu.be
Presentation given by Ukraine at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Moldova at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
More Related Content
Similar to Day 01 - DataProtectionWeek - The ItalianSupervisory Authority.pdf
Asia Counsel Insights gives readers a concise insight into legal and business developments in Vietnam. This edition has news on: the new law on Cybersecurity; the new law on access to Government information; the new decree on foreign investment in the education sector; and the new circular on health care subsidization.
The Presentation is a preliminary comment of The Hague Court decision published on March 6th 2020 aka "SyRI Case". The author considers the possibility to use the Dutch approach to automatic data management in the field of taxation as a possible benchmark for other jurisdictions too.
This is an UNREVISED version and contains some typos and data in need of double check.
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
Anticorruption, data protection, confidential information and intellectual property rights, patient safety, competition and antitrust law, sales and marketing ethics - all among the issues presented here are at the forefront of legal challenges faced by international law firms in the healthcare sector, around the world.
This webinar provides an overview of:
- The regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Risk management and the GDPR
- Legal requirement for a DPIA
- Why and how to conduct a data flow mapping exercise
- What are the challenges?
- What is an information flow?
- The questions to ask
- Data flow mapping techniques.
A recording of this webinar is available here:
https://youtu.be/EZFgrmzmPYE
General Data Protection Regulations (GDPR) Summary Compliance3
GDPR is an EU regulation that will apply to any business with its customers based within the EU. It is a transformative piece of legislation. Compliance3 has released a summarising document so you can interpret it how you please and see what the impact will be on your business.
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
This webinar provides an overview of:
- The principle of accountability and what it means
- Applying the principle of accountability
- Developing policies and procedures that comply with the Regulation
- Raising GDPR awareness and providing employees with training
- The board's responsibility to appoint a dedicated data privacy team of DPO
- The requirement to conduct data privacy audits and impact assessments
A recording of this webinar is available here:
https://www.youtube.com/watch?v=6KGeMwz7jro&feature=youtu.be
Presentation given by Ukraine at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Moldova at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Armenia at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Montenegro at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by SIGMA at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Photo gallery from Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Montenegro at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Montenegro at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Georgia at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by SIGMA at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by the Republic of Slovenia Ministry of Higher Education at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by ReSPA at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Bosnia and Herzegovina at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Montenegro at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by the Republic of North Macedonia at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Ukraine at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given by Serbia at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Presentation given at Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 1: Building for excellence.
Omnichannel management, presentation given by Willem Pieterson. SIGMA Webinar series on service design and delivery in the Western Balkan region in 2023. Topic 3: Omni and Multi-channel service design and delivery.
Electronic services in the healtg system of Montenegro, presentation given by Vladimir Raickovic. SIGMA Webinar series on service design and delivery in the Western Balkan region in 2023. Topic 3: Omni and Multi-channel service design and delivery.
More from Support for Improvement in Governance and Management SIGMA (20)
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
Many ways to support street children.pptxSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
What is the point of small housing associations.pptxPaul Smith
Given the small scale of housing associations and their relative high cost per home what is the point of them and how do we justify their continued existance
A process server is a authorized person for delivering legal documents, such as summons, complaints, subpoenas, and other court papers, to peoples involved in legal proceedings.
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
Day 01 - DataProtectionWeek - The ItalianSupervisory Authority.pdf
1. Il Garante
The Italian Supervisory Authority
BRUSSELS, 18 09 2023
LUIGI MONTUORI– HEAD OF SERVICE FOR EU AND INTERNATIONAL MATTERS
2. General Legal Framework
Features of the Authority
Members of the Panel
Tasks and powers
Organisational framework
Staff
Statistics
3. General Legal Framework
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC
- EU Directive 2016/680 of the European Parliament and of the Council, of 27 April 2016, on the
protection of natural persons with regard to the processing of personal data by competent authorities
for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the
execution of criminal penalties, and on the free movement of such data, and repealing Council
Framework Decision 2008/977/JHA
-- Legislative decree No 196 of 30 June 2003, Personal Data Protection Code’: as amended by legislative
decree No 101 of 10 August 2018 containing provisions to adapt the national legal system to Regulation
(EU) 2016/679 and by legislative decree No 51 of 18 May 2018 containing provisions to adapt the
national legal system to directive (EU) 2016/680
-- Legislative decree No 51 of 18 May 2018 implementing EU Directive 2016/680
https://www.garanteprivacy.it/documents/10160/0/Data+Protection+Code.pdf/
4. The Garante
(Section 2-a + Section 153 DP Code)
The Garante was set up by the DP Act 1996
Is the independent public supervisory authority
referred to in Article 51 GDPR (Section 2-a DPCode).
◦ The Garante is made up of a Collegiate Body directing it plus an Office (Section 153 DP Code):
◦ The Collegiate body includes 4 members elected by Parliament (two by the Chamber of
Deputies and two by the Senate through a specific voting procedure) for a seven year term. Not
renewable (The previous term of office was four years and was renewable once)
◦ The members are elected out of the candidates applying according to a specific, transparent
selection procedure publicised by a notice posted on the websites of the Chamber of Deputies,
the Senate and the Garante, at least sixty days prior to the respective appointments
◦ The members elect their President (and the Vice-president, replacing him/her in case of his/her
absence/unavalability). The President has the casting vote in case of a tie.
5. Members of the Collegiate
Panel of the Garante
(Section 153 DPCode)
• Persons ensuring independence
• Proven experience in the field of law or computer science
• Not allowed to carry out professional or advisory activities, manage or be employed by public or
private entities, or hold elective offices
• The members of the Panel of Commissioners shall keep secret, both during and after their term of
office, any confidential information they may have acquired in discharging their functions or
exercising their powers
•President, members, secretary general and staff shall refrain from handling proceedings before the
Garante for two years following termination of their functions or service with the Garante, including
the submission of complaints, requests for opinions or queries on behalf of third parties.
6. Tasks and Powers 1
(GDPR + DPCode)
In particular:
Garante’s powers and competence: Articles 57 and 58 of GDPR – including the power to start
investigations not only following complaints or alerts (Article 77 GDPR) or data breach
notifications (Article 33 GDPR), but also of its own volition. Moreover, the Garante:
• is empowered to request the controller, processor, data subject or third parties ‘to provide
information and produce documents as also related to the contents of databases’ (Section 157
DPCode)
• may order that databases and filing systems be accessed, carry out inspections at the premises
where the processing takes place, and investigations that are instrumental to check compliance
with personal data protection law (Section 158)
• may avail itself of the co-operation of other State agencies in discharging its institutional tasks
(Italian financial police, etc.)
• is empowered to impose corrective measures and fines
7.
8. Organisational Framework 1
For those aspects not regulated directly by the GDPR/DPCode, the Garante
adopts its own administrative regulations (Section 142 and 156(3)(a) DPCode).
On 4 April 2019 the DPA adopted two different administrative regulations:
• Regulation 1/2019 which regulates the proceedings before the Garante (e.g.
Section 3 reiterates the general principles of fairness and transparency of the
proceeding before the SA, Sections 8 to 18 regulate the handling of complaints
including the parties’ right to access documents and file submissions, etc.)
• Regulation 2/2019 which provides for specific time-limits with regard to the
different types of proceedings the SA is competent for.
9. Organisational Framework 2
Sections 155-156 of the DP Code
Regulations issued autonomously:
no. 1/2000 on organization and operation of the Office
no. 2/2000 on staff regulations and salaries
no. 3/2000 on administration and accounting mechanisms
no. 3/2006 – Access to documents
Internal regulations are available at: https://www.garanteprivacy.it/home/autorita/regolamenti-interni
10. Regulation 1/2000
Setting up several
Departments for Law Matters:
• Businesses and Profit-Seeking Entities
• Public entities
• Health Care and Research
• Communications and Electronic Networks and Marketing
• Freedom of expression and cyberbullying
• Legal and judicial matters
• A.I.
11. Regulation 1/2000 - Services
• Service for Legislative and Institutional Relationships
• Service for Research and Documentation
• Performance Assessment Unit (data collection)
• Press Office and Outreach Service
• Front Office (FAQ)
• EU and International Matters Service
12. Tasks and Powers 2
(GDPR + DPCode)
• Providing information to judicial authorities on the most serious
breaches of data protection law
• Commencing legal proceedings against a controller or processor in case of
infringement of personal data protection provisions
• Raising awareness of privacy legislation
• Encouraging the adoption of codes of conduct
13. Tasks and Powers 3
(GDPR+ DP Code)
• Drawing Parliament’s and Government’s attention
to the measures required in connection with data protection
• Giving opinions on legislative and administrative measures relating to the
protection of natural persons' rights and freedoms with regard to processing
• Submitting the annual report under Article 59 GDPR to Parliament and
Government
14. Task and Powers 4
(Section 154.2 DPCode)
The Garante discharges supervisory or assistance tasks on data processing as provided for by laws
ratifying international agreements and EU regulations, with particular regard to:
a) Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA (SIS II);
b) Regulation (EU) 2016/794 (Europol)
c) Regulation (EU) 2015/1525 on mutual assistance on customs and agricultural matters and Council Decision
2009/917/JHA on the use of information technology for customs purposes;
d) Regulation (EU) No 603/2013 (Eurodac)
e) Regulation (EC) No 767/2008 (VIS Regulation) and Council Decision 2008/633/JHA on access for consultation of VIS;
f) Regulation (EU) No 1024/2012 on administrative cooperation through the Internal Market Information System (‘the IMI
Regulation’ );
g) Chapter IV of Council of Europe - Convention 108/1981
15. Planning of the activities
Section 4, Regulation 1/2019
- At least twice yearly, adoption by Collegiate Panel
- In accordance with general principles of administrative activity
(effectiveness, efficiency, transparency, proportionality, non
-discrimination,…)
- Concerns:
◦ the work of the Collegiate Panel;
◦ the priority areas in the handling of cases by the Office;
◦ the planning of inspection activities.
Possibility to prioritise the handling of cases by having regard (also)
- to the resources available in relation to the workload,
- to the nature and gravity of the infringements, the extent of the injury and the number of data
subjects possibly concerned
16. International and EU Matters
•European Data Protection Board (EEA MS’ SA’s)
•Joint Supervisory Bodies (Schengen, Europol,
•Eurodac, Customs)
•CoE (Convention 108/81 Committee, «T-PD»)
•OECD («SPDE»)
•International Cooperation (Case Handling Network, GPEN, G7-DPAs, Other Forums)
•External Interfacing and Follow-up (Intl. Conferences, Twinnings, Training Projects)
•Internal Interfacing:
◦ Follow-up on domestic implementation measures (e.g.: Directive 136/2009)
◦ Institutional Co-operation (Governmental bodies, Parliament)
◦ Provides opinion on the preliminary rulling that the national courts submit to the Court of Justice
◦ Co-operation with other departments, units in SA (cross-border proceedings, etc.)
17. Statistics 1 – The Garante in 2022
442 decisions from the Garante as a collegiate body
9.218 complaints and reports finalised (inter alia, on marketing and IT networks,
online data from public bodies, health, IT security, banking and financial sector)
81 opinions on administrative acts (including legislation and other instruments
regarding health care, taxation, justice, digitalisation of the public sector, statistics)
Collected Fines 9.459.457 euro
140 on-site inspections (45 were carried out directly by the staff at the Office, the
remaining 95 were instead delegated to the Special Privacy and Technological Fraud
Unit of the Financial Police) in particular concerning e-invoicing, public databases,
whistleblowing software, marketing, food delivery.
15,000 replies to questions via the front office, mostly concerning the application of
GDPR, unsolicited marketing communications and online processing of data,
employment, video surveillance, banking and credit sector
Participation in 216 EU and international meetings (including EDPB expert subgroups)
18. Statistics 2 – The Garante in 2022
EDPB Plenary 15
Partecipation in EDPB subgroup, TF/DT 162
Meetings and inspections of joint authorities/supervisory bodies (Europol, SIS II, Dogane, Eurodac, VIS) 10
International Conferences 4
Meetings OCSE and CoE 12
Other International Conferences 13
19. Staff (on paper)
As of 31.12.2022, 148 positions were covered. Public competitive examinations are in progress to
recruit additional staff. 12 additional junior officials will join the staff shortly.