PRIVACY: the countdown for companies has started


Twenty years after the first European Directive on Privacy (Dir. 95/46/EC), the rules in Europe have changed. On May 25, 2016 the new European Regulation 2016/679, concerning the protection of personal data, came into force, having been approved on 14 April 2016 by the European Parliament. As a regulation (a “self-executing” legal act), the new package of rules applies in the same way and simultaneously in all countries of the European Union after publication in the Official Journal. The rules will also apply extraterritorially, as they are mandatory for any data controller that processes information concerning data subjects resident in the EU.
Businesses and governments have two years (until 25 May 2018) to adapt to the new rules.
In Italy, companies should get to work on the issue before this deadline. Two years is not a long period. Businesses must, in fact, start work immediately, taking account of possible new sanctions. The rules tighten the administrative sanctions applicable to private and public companies; in the case of violations of the principles and provisions of the Regulation, the sanctions in particular cases can reach up to € 20 million or 4% of the total annual worldwide turnover of the previous year.

Below is a summary of the main changes.
• The Data Protection Officer (DPO).
Public and private companies will be obliged to appoint a DPO (Head of Data Protection). This may be a competent professional in the field of data protection who is an employee of the data controller company or, alternatively, an external collaborator. In any case, the DPO must meet specific requirements, such as expertise, experience, independence and autonomy of resources.
• The register of processing activities.
The data controller or data processor will be required to keep a register of the processing activities carried out, in order to demonstrate compliance with the provisions of the Regulation.
• The privacy impact assessment.
In certain cases, public and private firms should carry out a privacy impact assessment before proceeding with processing. The Privacy Authority will draw up a list of the types of processing subject to this requirement.
• The right to be forgotten.
Recognised so far only at the level of case law (judgment issued against Google by the European Court of Justice), this right is now established in legislation: the data subject can choose to have their data deleted and no longer processed, by withdrawing consent, if the data is no longer needed for the purpose for which it was collected, or when processing does not conform to the rules.
• Privacy by design, data portability, accountability, data breach, privacy by default.
Citizens have:
– The right to be informed in a transparent and dynamic way about the processing of their data and about the adoption of privacy policies and appropriate measures in accordance with the Regulation (principle of accountability);
– The right to be informed about violations of their personal data (data breach notification);
– The right to receive, in a commonly used and machine-readable format, the personal data supplied to a data controller, and to have such data transmitted to another data controller unimpeded (data portability).
The protection of personal data must be considered from the design stage of new procedures, before processing begins (data protection by design), with the appropriate technical and organisational measures. Data should only be used for the intended purposes and for the time strictly necessary (privacy by default).
