On 25th May 2018 European regulation no. 2016/679 will become finally applicable also in Italy. The Regulation concerns the protection of natural persons with regard to the processing of personal data and the free movement of such data.
Among the main changes introduced by the European Legislator there are more clear rules regarding information and consent, a greater protection of the data subjects, the duty to communicate to the Data Protection Supervisor possible data breaches and, above all, the accountability of the data controllers and the adoption of approaches and policies that constantly take into consideration the risk that a given processing of personal data may entail for the rights and freedoms of the data subjects.
Therefore, each business is called to guarantee data protection right form the design and creation of a processing or a system (the so-called privacy by design) and to adopt behaviours that allow to prevent possible problems. The figure of the Data Protection Officer (DPO) has also been introduced. The DPO is in charge of ensuring the correct handling of personal data in businesses and institutions.
Therefore, in such context, businesses will first of all have to carry out verifications to identify and pinpoint the types of personal data processed within their activity, also assessing the lawfulness of the processing and identifying the areas that present higher risks. Further work will then be needed to comply with the new regulation including, among the various activities, the implementation of standard procedures aimed at the development of the business privacy policies.
Besides being a distinctive feature of a business in its relationship with its clients, compliance with the regulation is recommended also due to the high pecuniary penalties provided by it. In fact, for given breaches the regulation provides administrative fines which may amount to up to 4% of the total worldwide annual turnover.
In order to analyse these issues and to explain the approach our Firm suggests to adopt in order to be ready for the 25th May, we organized two seminars on 9th March in Bologna and on 12th March in Trieste.