PRIVACY: the countdown for companies has started

Twenty years after the first European Directive on Privacy (Dir. 95/46/EC), the rules in Europe have changed. On May 25, 2016 the new European Regulation 2016/679 came into force, approved on 14 April 2016 by the European Parliament, concerning the protection of personal data. As a regulation (a "self-executing" legal act), the new package of rules applies in the same way and simultaneously in all countries of the European Union after publication in the Official Journal. The rules will also apply extraterritorially, being mandatory for any data controller whose flow of information concerns data subjects resident in the EU.
Businesses and governments have two years (until 25 May 2018) to adapt to the new rules.
In Italy, companies should get to work on the issue before this deadline. The period (two years) is not long. Businesses must, in fact, start work immediately, taking account of possible new sanctions. The rules tighten the administrative sanctions for private and public companies; in the case of violations of the principles and provisions of the Regulation, the sanctions in particular cases can reach up to € 20 million or 4% of the total annual worldwide turnover of the previous year.

Below is a summary of the main changes.
• The Data Protection Officer (DPO).
Public and private companies will be obliged to appoint a DPO – Head of Data Protection. This may be a competent professional in the field of data protection who is an employee of the data controller company or, alternatively, an external collaborator. In any case, the DPO must meet specific requirements, such as expertise, experience, independence and autonomy of resources.
• The register of processing activities.
The data controller or processor will be required to keep a register of the processing activities carried out, in order to demonstrate compliance with the provisions of the Regulation.
• The privacy impact assessment.
In certain cases, public and private firms should carry out an impact assessment (privacy impact assessment) before proceeding with the processing. The Privacy Authority will draw up a list of the types of processing subject to this requirement.
• The right to be forgotten.
Recognised so far only at the level of case law (judgment issued against Google by the European Court of Justice), this right is now established in legislation: the data subject can choose to have their data deleted and not processed any further, by withdrawing consent, if the data is no longer needed for the purpose for which it was collected, or when the processing does not conform to the rules.
• Privacy by design, data portability, accountability, data breach, privacy by default.
Citizens have:
– The right to be informed in a transparent and dynamic way about the processing of their data and the adoption of privacy policies and appropriate measures in accordance with the Regulation (principle of accountability);
– The right to be informed about violations of their personal data (data breach notification);
– The right to receive, in a commonly used and machine-readable format, the personal data supplied to a data controller, and to have such data transmitted to another data controller unimpeded (data portability).
The protection of personal data must be evaluated in advance, when new procedures are designed and before processing takes place (data protection by design), with the appropriate technical and organisational measures. Data should only be used for the intended purposes and for the time strictly necessary (privacy by default).