Overview of the GDPR and of the ICT security measures for public administrations (PA) established by AGID. The GDPR regulates the processing of personal data of EU residents. The ICT security measures are mandatory for public administrations, in order to guarantee data security and respect the rights of data subjects. Basic principles of the GDPR, penalties for violations and rights of data subjects. ICT security measures for public administrations: inventory of devices and software, protection of configurations, vulnerability assessment, administrator privileges and malware defences.
Type: Slides
Where? Wherever. EU based organizations and it extends the scope of the EU data protection law to all foreign companies processing data of EU residents.
Who? [..] Activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not and [..] data subjects who are in the Union by a controller or processor not established in the Union and: offering of goods or services or the monitoring takes place within the Union.
Changes? This is not a directive, this is a regulation. It does not require any enabling legislation to be passed by national governments.
How? Companies need to do everything they can to securely process data (data protection by design and by default). The controller shall implement appropriate technical and organisational measures.
Personal Data? Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.
turnover of the preceding financial year in case of an enterprise
Art. 12 - Informed Consent Criteria
The controller shall take appropriate measures to provide any information relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. [..] The controller shall provide information on action taken on a request within one month of receipt of the request.
Art. 15 - Right of Access
the right to obtain from the controller confirmation as to whether or not personal data and access to the personal data
Art. 16 - Right to rectification
the right to obtain from the controller without undue delay the rectification of inaccurate personal data
Art. 24 - Responsibility of the controller
the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary.
Art. 25 - Data Protection by Design and By Default
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.
Mandatory appointment:
Art. 33 - Notification of a personal data breach to the supervisory authority
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
Art. 34 - Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
State-of-the-art
Dictionary: The latest and most sophisticated or advanced stage of a technology, art, or science.
Cambridge dictionary: Very modern and using the most recent ideas and methods. "A state-of-the-art computer." "The control panel uses all the newest technology and is considered state-of-the-art."
Dizionari Corriere: Of the highest level, leading-edge, very modern, advanced.
Wikipedia: the concept of "regola dell'arte", or "regola d'arte" (rule of the art), already existed previously in private contract practice.
[Figure: Pseudonymized Data Record and Anonymized Data Record, each shown for the sample records Les, Clyde, Marco]
"Pseudonymization is a method to substitute identifiable data with a reversible, consistent value. Anonymization is the destruction of the identifiable data."
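An added example, not part of the original slides, that carries the quoted distinction through on the slide's three sample names. The vault class, the field names and the "plan" values are assumptions constructed for illustration; a keyed HMAC is one common way to get a consistent token, with a separately held table providing reversibility.

```python
import hashlib
import hmac
import secrets


class PseudonymVault:
    """Holds the secret key and the token -> identity table, kept apart from the data set."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._reverse = {}

    def pseudonymize(self, identity):
        # Keyed HMAC: the same identity always maps to the same token (consistent),
        # and without the key an outsider cannot recompute tokens from guessed names.
        token = hmac.new(self._key, identity.encode("utf-8"), hashlib.sha256).hexdigest()
        self._reverse[token] = identity
        return token

    def reidentify(self, token):
        # Reversible only for whoever holds the vault.
        return self._reverse[token]


def pseudonymize_records(records, vault, id_field="name"):
    """Replace the identifier with its token; rows of one person stay linkable."""
    return [{**r, id_field: vault.pseudonymize(r[id_field])} for r in records]


def anonymize_records(records, id_field="name"):
    """Destroy the identifier; nothing is kept that could map a row back."""
    return [{k: v for k, v in r.items() if k != id_field} for r in records]


# Constructed sample data: names from the slide, "plan" values invented.
RECORDS = [
    {"name": "Les", "plan": "basic"},
    {"name": "Clyde", "plan": "premium"},
    {"name": "Marco", "plan": "basic"},
    {"name": "Les", "plan": "premium"},
]

if __name__ == "__main__":
    vault = PseudonymVault()
    for row in pseudonymize_records(RECORDS, vault):
        print("pseudonymized:", row)
    for row in anonymize_records(RECORDS):
        print("anonymized:   ", row)
```

Dropping the identifier alone only anonymizes a record if the remaining fields cannot single a person out; other attributes can still act as quasi-identifiers.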
Each individual requirement is classified. The first level, "Minimum" (Minimo), specifies the level below which no administration may fall: the controls it lists must be regarded as mandatory. The second, "Standard", can be taken as the reference baseline in most cases, while the third, "High" (Alto), can be regarded as a goal to strive towards.