Data Protection Bites 5/2019

​ITALY

Data Breach, almost half of the companies did not comply with the GDPR. That’s why they’ve been attacked.

IBM Security announced the results of a global study that explores the preparedness of companies in relation to their ability to withstand and restore operations following a cyber attack.

SPAIN 

New legal obligation of employers to control employees' working hours. The data protection implications.

On May 12th 2019, a new obligation came into force in Spain that requires all companies to establish a daily record of the working hours of their employees. When a system makes it possible to record the entry and exit times of a specific employee, these data clearly identify a specific person individually, which is why we are talking about a new processing of workers' personal data, which must comply with the regulations on the protection of personal data.

Click here to read the full article »

LATVIA

News from Latvia

Latvian data protection supervisory authority – Data State Inspectorate (DSI) - in its summary for year 2018 has highlighted the figures with regard to activity on personal data protection throughout the year: among 1206 claims submitted to DSI for the preliminary inspection in 97 cases the violations have been detected, resulting in different extent of sanctions imposed accordingly. No data on total monetary fines has been made available.

Click here to read the full article »

​ITALY

Italian Data Protection Authority: "guaranteeing confidentiality for cases of sexual abuse"

Italian Data Protection Authority  has disapproved the behavior of some newspapers in these days, in commenting on the police investigations carried out for a case of sexual abuse, that have reported details (above all of a sexual nature) exceeding the legitimate informative purposes prosecuted, as well as excerpts of a hearing held in a protected form - as a duty in these cases - also in order to guarantee the necessary confidentiality to the child. The minor's right to privacy - especially the victim - must always be considered primary with respect to the right to exercise the right to information.

​Click here to read more (in Italian) »

One year of GDPR, sanctions and relations between the various Authorities

The relevant changes that have emerged one year after the entry into force of the Regulation are as follows. ​

Click here to the full article »

Annual report of the Data Protection Authority on 07.05.2019 to the Chamber of Deputies.

The Data Protection Authority for the protection of personal data presents on May 7, at 11:00, in the Hall of the Queen of the Chamber of Deputies (Piazza di Monte Citorio), the Report on the activities carried out in 2018.

The Report closes the seven-year term of the Board of Statutory Auditors chaired by Antonello Soro and also takes stock of the state of implementation of the relevant legislation and indicates the new scenarios that are opening up for the protection of personal data.

Click here to read more (in italian) »

SPAIN 

The final list of processing operations subject to the requirement of a DPIA has been published.

As highlighted in the past March release of the Data Protection Bites, on 12th of March the EDPB (European Data Protection Board) published its Opinion 3/2019 to the draft list submitted by the Spanish Supervisory Authority (Agencia Española de Protección de Datos, hereinafter, AEPD) regarding the processing operations subject to the requirement of a DPIA in accordance with paragraph 4 of article 35 of the GDPR.

Click here to read the full article »