Managing personal data protection compliance: Privacy Level Agreements (PLA V3 CoC) for cloud service providers

CSA NL Summit, Leiden, The Netherlands, 13 April 2017

Paolo Balboni, Ph.D. - @balbonipaolo
Founding Partner at ICT Legal Consulting & President of the European Privacy Association
[email protected] - www.ictlegalconsulting.com
[email protected] - http://europeanprivacyassociation.eu/

ICTLC | www.ictlegalconsulting.com © 2017 ICT Legal Consulting – All rights reserved


Agenda

1. Regulation (EU) 2016/679 (GDPR): compliance timeline & methodology

2. PLA_V3 CoC: a compliance tool with Regulation (EU) 2016/679

3. Q&A


EU Data Protection Reform

2012
• Start of reform process aiming to align data protection laws of the EU’s 28 Member States, and update rules for the digital age

April 2016
• GDPR is enacted after years of difficult negotiations

May 4 2016
• Text published in the OJEU - enters into force 20 days after publication

May 25 2018
• GDPR applies throughout the EU after 2-year transition period

Current legal framework based on Directive 95/46/EC: inconsistent patchwork of national laws.

GDPR objectives: high level of protection (maintains data protection principles), modernization, harmonization, more effective implementation


Simplified Data Processing Cycle - PLA V3 (diagram labels):

• Accountability
• Data protection by design & by default
• Data protection impact assessment
• Information to the data subject
• Legitimate basis
• Rights of the data subject


CSA Privacy Level Agreement (PLA V3)

Goal:
- Provide CSPs a tool to achieve EU-wide data protection compliance with the GDPR
- Provide cloud customer with a tool to evaluate CSP EU-wide data protection compliance with the GDPR

Structure:
- Follows EU actual and forthcoming Data Protection Law
- Considers differences between CSP-controller and CSP-processor


PLA V2 (V3) Table (Annex 1)


Thank you for your attention! Q&A

Milan - Bologna - Rome - Amsterdam


© 2017 ICT Legal Consulting - All rights reserved. This document or any portion thereof may not be reproduced, used or otherwise made available in any manner whatsoever without the express written permission of ICT Legal Consulting, except for the use permitted under applicable laws.


Paolo Balboni

PAOLO BALBONI, Ph.D – President of the European Privacy Association, Cloud Computing Sector Director and responsible for Foreign Affairs at the Italian Institute for Privacy, Lawyer admitted to the Milan Bar specialised in ICT, new technologies law and personal data protection. Lead Auditor BS ISO/IEC 27001:2013 (IRCA Certified).

He provides legal advice to multinational companies, especially concerning personal data protection, e-contracts, e-commerce, e-marketing, advertising, cloud computing, Web 2.0 service providers' liability, Internet content providers’ liability, e-signatures, digital retention of documents and intellectual property rights. Balboni has considerable experience in Information Technologies including Cloud Computing, Big Data, Analytics, and the Internet of Things, Media and Entertainment, Healthcare, Fashion, Insurance, Banking, Anti-Money Laundering (AML), and Counter-Terrorist Financing (CFT).

Author of the book ‘Trustmarks in E-commerce’, Paolo Balboni is Visiting Expert at the Maastricht European Centre on Privacy and Cybersecurity and Research Associate at Tilburg University (The Netherlands). He was selected to be part of the drafting group of the European Union Commission Data Protection Code of Conduct for Cloud Service Providers (under Key Action 2: Safe and fair contract terms and conditions of the European Union Cloud Strategy). He co-chairs the Privacy Level Agreement (PLA) Working Group of Cloud Security Alliance and has acted as the legal counsel for the European Network and Information Security Agency (ENISA) projects on ‘Cloud Computing Risk Assessment’, ‘Security and Resilience in Governmental Clouds’, ‘Procure Secure: A guide to monitoring of security service levels in cloud contracts’ and ‘Common Assurance Maturity Model – Beyond the Cloud (CAMM)’. He is actively involved in European Commission studies on new technologies and data protection.

He obtained his Law Degree with distinction from the University of Bologna in 2002 and a Ph.D. from Tilburg University on Comparative ICT Law in 2008. He speaks fluent Italian, English and Dutch, and has good knowledge of French, Spanish and German.


ICT Legal Consulting

ICT Legal Consulting is an Italian law firm with offices in Milan, Bologna, Rome and Amsterdam. The firm is present in 19 other countries: Australia, Austria, Belgium, Brazil, China, France, Germany, Greece, Mexico, Poland, Portugal, Romania, Russia, Slovakia, Spain, the United Kingdom, the United States, Turkey and Hungary.


ICT Legal Consulting | Awards


ICT Legal Consulting | Contacts

ICTLC | ICT Legal Consulting is present in 19 other countries: Australia, Austria, Belgium, Brazil, China, France, Germany, Greece, Mexico, Poland, Portugal, United Kingdom, Romania, Russia, Slovakia, Spain, United States, Turkey, Hungary

Milan
Via Zaccaria, 4
20122 - Milano - Italy
Telephone: +39 02 84247194
Fax: +39 02 700512101

Bologna
Via Ugo Bassi, 3
40121 - Bologna - Italy
Telephone: +39 051 272036
Fax: +39 051 272036

Rome
Piazza di San Salvatore in Lauro, 13
00186 - Roma - Italy
Telephone: +39 06 97842491
Fax: +39 06 23328983

Amsterdam
Veemkade, 396
1019 HE - Amsterdam - Netherlands
Telephone: +31 (0)20 894 6338
Fax: +31 (0)20 808 5050

Follow us on: Email [email protected]

Skype contact: Ict.legal.consulting
