GDPR: A DEEPER LOOK

The new European regulation on the protection of personal data entered into force in May 2016. It constitutes a qualitative leap in the relationship between citizens and the development of digital services, in the system of responsibilities, and in the implementation of security measures to protect sensitive data.

The regulation will apply in the Member States from May 2018: by that date companies and Public Administrations will have to organise themselves and comply with the new rules.

With the new measures, citizens are at the centre of the system and have the following rights:

• data portability
• right to be forgotten, until now recognised only in case law
• right to be informed in a transparent, fair and dynamic way about the processing of their personal data, and right to control it
• right to be informed about data breaches

The text therefore establishes a high and uniform level of data protection and aims to give citizens greater control over the use of their data. In addition, Public Administrations and companies must notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it (data breach notification), and must inform the affected citizens without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

The regulation also implies a cultural change: protecting data means protecting people, their identity and their freedom. The text requires strong accountability and a proactive approach. Data protection finally becomes a strategic asset which must be assessed in advance, during the design of new procedures, products or services (the principles of “data protection by design” and “data protection by default”), without the bureaucratic drift that in the past has often reduced data protection to the mere formality of signing a privacy policy or a consent form for the processing of health data. Under the provisions of the European regulation, Public Administrations and companies are obliged to carry out a preliminary impact assessment (Data Protection Impact Assessment) before processing operations that, in particular because they use new technologies and taking into account their nature, scope, context and purposes, are likely to result in a high risk to the rights and freedoms of individuals. In short, the privacy impact assessment requires a precise and documented analysis of the risks to citizens' rights and freedoms.

With GDPR the “principle of accountability” enters our legislation: Public Administrations and companies that process personal data must be able to demonstrate that they have applied appropriate security measures, that those measures are effective in protecting the data, and that they keep them constantly up to date. In addition, companies must demonstrate that their activities and processing operations comply with the principles and provisions of GDPR, including the effectiveness of the security measures.

In the next post we will talk about the DPO (Data Protection Officer), an important new role introduced by GDPR. Stay tuned!

Still not compliant with GDPR? Hurry up, time is running out: request a free consultation with our experts!
