For the ORGANIZATIONAL DATA SECURITY FUNDAMENTALS, the Senior / Chief Decision Makers include:
CEO: Decision maker (titolare in Italian)
CFO: Budgeting and finance
CIO: Ensures support with its technical know-how
ISO: Risk analysis and mitigation
Steering Committee: Defines the objective risks and how to deal with them
Auditor: Evaluates the business processes of the security systems
Data Owner: Classifies the data
Data Custodian: Handles the day-to-day "maintenance of data"
Network Administrator: Ensures the availability of network resources
Security Administrator: Responsible for all security and associated tasks, with particular regard to "Confidentiality and Integrity".
It would always be advisable to appoint a press officer.
DPO (Data Protection Officer)
European legislation has introduced new mandatory actors for the protection of personal data. The appointment of a DPO is mandatory under the provisions of art. 37 GDPR [14] for the PA (Public Administration) without exceptions; in the case of processing that requires regular and systematic monitoring of data subjects on a large scale; and when the processing involves special categories of personal data (Article 9) or data relating to criminal convictions and offences referred to in Article 10, processed on a large scale. The DPO must act in the interests of the data subjects and of the entire community, not only of the CEO. Even if the appointment of a DPO is not mandatory for infrastructures not covered by the cases contemplated by the Regulation, once the CEO has appointed a DPO, the rules set out in art. 37-39 of the GDPR must, in any case, be fully applied.