FTC publishes a new blog post on how to increase security

The Federal Trade Commission (FTC) has published another post on its Security Guide for Businesses.  The post addresses topics related to updates of security procedures and prevention of data vulnerabilities.  Through the post the Commission outlines ways to face specific security concerns and risks, explaining how to promptly handle such cases.

The post is available here

European Commission plans cybersecurity overhaul, giving ENISA more power

After the Commission’s president Jean-Claude Juncker’s annual state of the union speech, the Commission has published two documents on the new cybersecurity reform. These documents describe the additional funds and new powers given to the European Union Agency for Network and Information Security (ENISA). The idea is to provide the agency with greater powers by creating an EU-wide certification scheme, allowing it to coordinate cooperation with member states’ national authorities to counter a broad-scale cyberattack.

Find the press releases on the new documents issued here

Spanish DPA recognises Google's compliance with its law on data flows

The tech giant has announced its compliance with the Spanish law on its blog. The Spanish DPA (AEPD) has admitted that the guarantees provided by Google G suite and Google Cloud Platform are adequate to permit the international transfers of data to the U.S. Now Spanish customers can enjoy the system by simply applying to the model contract clauses available online and notifying their transfer to the AEPD. This permission could play a fundamental role not only for the future use of Google's tools in Spain but all over Europe.

Google's post is available here

The EU Justice Commissioner is ready for the first EU-US Privacy Shield annual test

EU Justice Commissioner Věra Jourová has clear expectations for the two-day meeting on Privacy Shield planned for the next week. The Commissioner is optimistic but acknowledged that there is still "room for improvement." Jourová has underlined that the she intends to push for the creation of an independent ombudsperson that is still absent in the US set of rules. After the Washington meeting, the Commissioner has planned meetings with Google, Facebook and various NGOs.

Further information available on the EU Observer’ website

Italian DPA declares that future DPO does not need formal certificates

In its newsletter, the Italian DPA (the “Garante”) has declared that public administrations, as well as private individuals, will have to choose their Data Protection Officer with particular attention, by verifying the presence of specific skills and experiences but not necessarily of specific certificates. This means that no formal attestations are required about the possession of knowledge or enrolment to special professional apprentices. These are some of the indications provided by the “Garante" upon a first clarification request regarding the appointment of Data Protection Officers, which all public bodies and many private persons will have to designate by May 2018.

The Garante newsletter is available (in Italian only) here