WHO IS THE DATA PROTECTION OFFICER AND WHAT DOES IT DO?
The European "General Data Protection Regulation" (GDPR) establishes, within the scenario of corporate IT security, various figures responsible for the treatment, processing and protection of data. In a highly interconnected world the role of data has grown in importance and, therefore, its legal protection has also gained a central role in European legislation. Not surprisingly, data is the main target of cyber attacks carried out by criminal organizations that operate purely in cyberspace (in this case we speak of Cybersecurity).
Remaining in the corporate security scenario, the GDPR finally provides an adequate governance system for companies that collect, manage and process data, whether their own or that of other subjects (e.g. sensitive / personal data).
The European regulation governs the processing and management of data with provisions that must be respected by all companies in the 27 member states of the European Union. Not only companies based in the EU are involved, but also those that, albeit based outside the European Union, process data originating from a member state. Very severe penalties are envisaged for companies that do not follow and respect this legislation.
Among the rules of the GDPR that came into force in 2018, it is prescribed that each company processes data under the responsibility of the data controller, who can in turn delegate the protection of that data to a Data Protection Officer. This figure, who may or may not be an employee of the company (for example a freelancer who works for several companies at the same time), is responsible for ensuring that all the technical and administrative procedures are put in place and constantly applied, thereby guaranteeing correct data processing and protection in accordance with the provisions of the GDPR.
THE GDPR, THE GENERAL REGULATION ON DATA PROTECTION IN FORCE SINCE 2018
Since 25 May 2018, European Regulation 2016/679, the "General Data Protection Regulation" (GDPR), has applied to the processing of personal data in order to ensure both their protection and their free circulation; it is mandatory for the authorities, for almost all public bodies and for those who process sensitive or judicial data.
The legislation on "the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data" provides that all companies, public and private, that process personal data must have a Data Protection Officer: a data protection officer who takes care of preparing a plan to guarantee the security of data processing within the company.
In view of the GDPR, European companies have to organize themselves to understand how best to manage their data and, according to the latest surveys, it seems that they are not yet ready for this type of organization.
The figures responsible for data within the companies (data controller and data processor, according to the GDPR) must notify the data protection authorities of a violation by sending the breach report within 72 hours.
The Data Protection Officer must know the legislation and how to manage personal data correctly and securely. The DPO should carry out the function in full autonomy, whether working as an employee or as an external collaborator, so that no external influence compromises their modus operandi.
The duties of the Data Protection Officer are described in art. 39 of the Regulation; in summary, the DPO must:
- inform the personnel involved in data protection of the provisions of the GDPR, of the EU and of the regulations of each state;
- verify that the regulations are implemented and respected;
- be a point of reference, and also act as a bridge, between the Privacy Guarantor and the managers of the data processing area;
- above all, ensure compliance with the rules in order to avoid sanctions.
DATA PROTECTION OFFICER TRAINING AS PART OF THE GEEKS ACADEMY INFORMATION SECURITY & DATA PROTECTION COURSE
The DPO, with a mixed background in information technology and in the law governing data processing and privacy, will have, among other tasks, the responsibility of carrying out data protection impact assessments (Article 35 of the GDPR). Precisely for this purpose, the DPO is an expert in privacy and data processing.
The GDPR also introduces the figures of the data controller and the data processor, respectively the owner of and the person in charge of data processing. However, in the current business scenario, the processing of data concerns all the operational and administrative procedures of the company as well as the technology adopted throughout the life cycle of the "data": from its generation, or acquisition, until its storage or destruction.
Precisely for these reasons, in our courses we have placed the GDPR within the more general framework of Information Security & Data Protection, the branch that deals with business risk related to information technology. These courses not only provide the training needed to become a DPO, but also allow participants to acquire competence in IT security management methods, with a complete overview of every step of the technology involved in its implementation, and to obtain an EXIN certification recognised worldwide.
CRYPTOGRAPHY AND DIGITAL IDENTITY IN THE NEW EUROPEAN REGULATIONS
Two other European regulations in force provide the regulatory framework for identification systems and electronic trust services (e.g. SPID, electronic signatures and seals, certified e-mail, etc.) and, in general, define procedures for IT security, allowing mutual recognition and above all establishing their cross-border legal validity within the European Community. These regulations are "eIDAS" (for trust services) and the "NIS directive" (for information security), and companies must already be prepared for them, possibly relying on adequately updated specialists. Precisely for this reason, the Information Security & Privacy Management courses contain modules dedicated to the study of these laws and regulations, in which the operating principles of two tools for interacting with public administrations are also described: the public digital identity system (SPID) and certified electronic mail (PEC).
Rather than focusing on defensive and offensive security techniques, in these courses attendees learn the methodologies and high-level nomenclature needed to create the various types of security plans and to insert procedures, rules and behaviours into the governance tools already existing in the company. In any case, the courses give everyone the technological foundations of security systems (types of security controls, public key cryptography and trust models, management of identities and IT authorizations, security and protection of networks, operating systems and software applications) in order to understand the technical reasons for the vulnerabilities of IT systems and how to mitigate them. In addition, the courses review the major cyber attacks of the past few years and offer some critical considerations on how to prepare for the future.
COURSES TO BECOME A DATA PROTECTION OFFICER
At the Geeks Academy it is possible to attend EXIN Security Information Management and EXIN Privacy & Data Protection courses. The teaching staff consists of Walter Arrighetti, Certified Information Systems Security Professional (CISSP®) and consultant in the Cloud, Security and Imaging field; Adolfo Di Fonzo, Cybersecurity Division Manager of Digital Engineering; and Alessandro Molari, CeSeNA Researcher, Ethical Hacker and Penetration Tester. These courses provide the skills necessary to work as a Data Protection Officer in both public and private companies. At the end of the program, therefore, your profile will be marketable as an IT Security Manager able to understand the origin of threats and to identify and counter them with the right means.
Don't wait to see the future as a spectator ... be the protagonist! Join the Geeks Academy and become a Data Protection Officer and GDPR expert!