On January 12, 2018 the advanced training course on personal data protection for professional training of the Data Protection Responsible, better known as Data Protection Officer (DPO), will begin.

The course - which enjoys the patronage of the Data Protection Authority - was activated in implementation of the Memorandum of Understanding of April 28, 2017, signed between the National Bar Council (CNF) and the National Council of Engineers (CNI), on a project by the Italian Foundation for Forensic Innovation (FIIF) and thanks to the interest of the two National Councilors Lawyer Carla Secchieri and Engineer Luca Scappini who assume its coordination.

The 88-hour course is reserved for Lawyers and Engineers.

I have the honor of being a member of the Scientific Committee and lecturer together with distinguished academics and professionals.

My involvement as a lecturer sees me engaged in lessons on “Transfers of personal data to third countries or international organizations” (on 10/2/2018) and on “Data protection by design and by default” (on 17/3/2018).

The inaugural lesson on the theme “The right to data protection and the protection of the person” will be held on January 12, 2018 at 2:30 PM with the intervention of the Data Protection Authority - Dr. Antonello Soro - and eminent scholars (Prof. Lawyer Salvatore Sica, Prof. Lawyer Alberto Maria Gambino).

Lawyer Carla Secchieri - coordinator of FIIF - grasped the importance and relevance of the new European legislation on personal data protection (EU Regulation 2016/679) proposing with extreme sensitivity towards the most innovative aspects a project that then resulted in the organization of the course.

This is an important opportunity for specialized professional training, especially at a time when professions are also extending to contexts that are not typically traditional.

In my modest opinion, the profession must be considered in continuous evolution and cannot disregard innovations that require the necessary attention in terms of training, so as to increase the professional skills required by the market. This experience teaches how the profession, particularly the forensic one, is not only linked to typically regulatory aspects because the GDPR discipline also requires knowledge of technical issues, especially with reference to IT security.

In fact, in the course there will also be lessons on technical standards that assume a primary role regarding the security measures to be adopted in the processing of personal data. Personal data protection, in fact, must be correctly qualified - in light of the GDPR discipline - as a sequence of processes and not as a single fulfillment to guarantee compliance. The processing of personal data is a living and dynamic theme, not static. The Data Protection Officer (DPO) assumes a primary role and undoubtedly constitutes one of the new professional figures. The GDPR requires on the one hand the “systematic” designation of the DPO in the presence of the conditions provided for by Article 37, paragraph 1, and on the other the possession of “professional qualities, in particular specialized knowledge of data protection legislation and practices, and the ability to fulfill the tasks referred to in Article 39”. Article 39 provides:

Article 39 - Tasks of the data protection officer

1. The data protection officer shall have at least the following tasks:

a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;

d) to cooperate with the supervisory authority; and

e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.

2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing”.

Article 39 of the GDPR, therefore, indicates the minimum tasks (it says “at least”) that are required of the DPO, but evidently an in-depth knowledge of the entire EU Regulation 2016/679 and of the rules, including technical ones, on personal data protection and security is necessary.

Moreover, the CCBE (Council of Bars and Law Societies of Europe) has also issued several documents on data protection and, specifically regarding the GDPR, as early as 19/5/2017 the guide entitled “CCBE Guidance on the main new compliance measures for lawyers regarding the General Data Protection Regulation (GDPR)”.

This attests that we are facing a topic of absolute importance also for the forensic profession and, in light of this, it is desirable that the course be replicated to allow other professionals to deepen the topics on personal data protection.