PrivacyControl
Adeguamento GDPR - Privacy
  • Who we are
  • Our Services
    • Legal assistance – Privacy violation
    • Privacy Consulting
  • qUOTES
  • Customer Area
    • Notice Board
    • File
      • My Files
        • Update file
      • Create file
    • Pages
      • My pages
        • Update page
      • Create page
    • My account
      • Account details
      • Edit profile
      • Logout
  • English
    • Italian
  • FAQ
  • BLOG
  • Partners
  • Events
corte_cassazione

DPO: eminently legal profile

TAR, Friuli Venezia Giulia, section I, judgment of 13/09/2018 No. 287

The TAR for Friuli Venezia Giulia, section one, with the judgment of 5 September 2018, n. 287 enters into the merits of a highly debated issue that arose following the entry into force of the EU Regulation no. 2016/679 on the protection of personal data (GDPR) and that is that of the skills required by the DPO for the performance of the tasks provided for by the art. 39 of the GDPR but which can also go beyond the same regulatory requirement.

The Tar de Friuli Venezia Giulia intervenes on the requirements that the DPO must fulfill in the context of the new European Privacy Regulation and on the role of the certifications for the selection by the public administrations of this latest role.

The role of the Dpo (data protection officer) is eminently legal, according to the administrative court.

In the case The Regional Administrative Court ANNUALLA a bankruptcy procedure aimed at the appointment of in Dpo in the public sphere specifying that “ Coming to the merit of the appeal, believes the Board that it is manifestly founded in relation to the contested identification of the ISO / IEC / 27001 Auditor / Lead Auditor certification as a requirement for admission to the selective procedure (complaint 1.1, introduced in the appeal, repeated in the reasons added to No. 3)”.

CALL US NOW FOR INFORMATION ON THE NEW EUROPEAN PRIVACY REGULATION!

On this point, it should be noted that the aforementioned certification does not constitute, as objected by the applicant, a qualifying title for the purposes of hiring and performing the functions of data security manager, in the riverbed of the discipline introduced by the GDPR , having to consider that:

  • on the one hand, the ISO 27001 standard is prevalently applied in the context of business activity (suffice it to note that the references addressed to it, by the national legislator and by the Euro-unitary system, essentially concern the requirements of economic operators, such as example occurs in the case of art.93, paragraph 7, Legislative Decree no.50 of 2016, on the subject of guarantees for participation in the assignment procedures in ordinary sectors);
  •  

  • on the other hand, the same rule, however potentially extensible to the activity of public administrations, is without prejudice to the application of special provisions (euro-unitary and national) on the protection of personal data and confidentiality (point 18 “compliance” of the aforementioned ISO standard; see in particular: 18.1.1 and 18.1.4), so that the meticulous knowledge and application of the sector regulations remain, regardless of whether or not they possess the certification in question, the essential and irreducible core of the professional figure sought through the selective procedure undertaken by the Company, whose profile, for the aforementioned considerations, can only qualify as eminently legal.

It follows that the certification , indicated in the notice, in itself cannot constitute an admission requirement for the selection under consideration (let alone rise as an equivalent to the required degree), precisely because it does not grasp (or does not fully grasp) the specific guarantee function inherent in the assignment, whose main object is not constituted by the provision of mechanisms aimed at increasing the levels of efficiency and security in the management of information, but if anything, as noted in the appeal, concerns the protection of the fundamental right of the individual to the protection of personal data regardless of the methods of their propagation and the forms, albeit lawful, of use “.

CALL US NOW FOR INFORMATION ON THE NEW EUROPEAN PRIVACY POLICY!

Fonte: the sun 24 hours

Do not take unnecessary risks waiting for the last moment to adapt, in case of non-compliance with the privacy obligations, the European Privacy Regulation provides for administrative fines of up to € 20,000,000 or up to 4% of your turnover if greater than this amount.

The Privacy Consent GDPR 679/16 and Legislative Decree 101/18 Privacy: here comes the Checks Sample

Related Posts

adeguamento gdpr privacy control

BLOG, News

GDPR: WHAT IT IS AND WHY COMPANIES SHOULD ADJUST US

data protection officer profilo giuridico privacy control

BLOG, News

DPO – Data Protection Officer: the data protection officer

gpdr trattamento dati dipendenti azienda privacy control

BLOG, News

GDPR: the processing of employee data by the employer

Recent Posts

  • adeguamento gdpr privacy controlGDPR: WHAT IT IS AND WHY COMPANIES SHOULD ADJUST US
  • data protection officer profilo giuridico privacy controlDPO – Data Protection Officer: the data protection officer
  • gpdr trattamento dati dipendenti azienda privacy controlGDPR: the processing of employee data by the employer
  • cyberbullismo gdpr privacy controlData protection of minors and cyberbullying: what changes with the GDPR
  • Data Protection Officer: because you need an autonomous and independent figure

Vuoi rimanere aggiornato sui temi Privacy & Cybersecurity?

PrivacyControl
Links
  • Facebook
  • Youtube
  • linkedin
© PrivacyControl 2022
Privacy Control, brand di Privacycert Lombardia srl • Pass. Don seghezzi, 2, 24122 Bergamo (BG)
P.IVA 04224740169 • Cap. Sociale 10.000,00 € I.V. • REA N. 445875 • Privacy policy
Tutte le immagini e i contenuti presenti in questo sito sono coperti da copyright. Condizioni di Vendita

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

Privacy Control Logo Trasparente
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

Per maggiori informazioni leggi la nostra Cookie Policy