In May 2016 the new European regulation on personal data protection came into effect. It constitutes a qualitative leap in the relationship between citizens and the development of digital services, in the system of responsibilities and in the implementation of security measures to protect sensitive data.
This law will apply in the Member States from May 2018: by that date firms and Public Administrations will have to organise themselves and comply with the new rules.
With the new measures, citizens are at the centre of the system and have the following rights:
• data portability
• the right to be forgotten, until now recognised only at case-law level
• the right to be informed in a transparent, fair and dynamic way about the processing of personal data, and the right to control it
• the right to be informed about data breaches
Therefore the text in question recognises a high and uniform level of data protection and has the purpose of giving citizens greater control over the use of their data. In addition, citizens have the right to be notified by Public Administrations and companies of a data breach (data breach notification) within 72 hours.
With GDPR the "principle of accountability" enters our legislation: PA and companies that process personal data must demonstrate that they apply proper security measures, that these measures are effective in protecting data, and that they keep them constantly updated. In addition, firms must demonstrate that their activities and processing are compliant with the principles and provisions of GDPR, including the effectiveness of the security measures.
In the next post we will talk about the DPO, an important new professional role introduced by GDPR. Stay tuned!