In May 2016 came into effect the new European regulation about personal data protection which constitutes a qualitative leap in the relationships between citizens and development of digital services, in the system of responsibilities and implementation of security measures to protect sensitive data.

This law will be applied in the Member States from May 2018: by that date firms and Public Administrations will have to organize themselves and comply with the new rules.

With the new measures, Citizens are at the centre of the system and have the following rights:


• data portability
• right to be forgotten, until now recognised just at case-law level
• right to be informed in a transparent, fear and dynamic way about the processing of personal data and right to control them
• right to be informed about data breaches

Therefore the text in question recognises a high and uniform level of data protection and has the purpose of giving to citizens a greater control on their use. Besides, citizens have the rights to be advised by Public Administrations and companies about data breach (data breach notification) within 72 hours.

The regulation implies also a cultural change: protect data means protect people, their identity and their freedom. The text requires a strong accountability and a proactive approach. Data protection becomes, finally, a strategic asset which must be assessed before, during the design of new procedures, products or services (principles of “data protection by design” and “data protection by default”), without bureaucratic sideslip that often in the past have reduced the data protection to a mere formalization of signing the privacy policy or the consent for processing health data. Following to the European regulation provisions, Public Administrations and firms has the obligation to carry out a preliminary impact assessment on data processing when they involve in particular the use of new technology and, considering their nature, object, context and purpose, can be a high risk for the rights and the freedom of individuals. In short words, the impact assessment on privacy requires a punctual and documented analysis of risks for citizens rights and freedom.

With GDPR the “principle of accountability” comes into our legislation: PA and companies that process personal data must demonstrate the application of proper security measures, effective to protect data and that they are keeping them constantly updated. In addition, firms must demonstrate that their activities and processing are compliant with the principles and provisions of GDPR, including the efficiency of security measures.

In the next post we will talk about DPO, a new important professional introduced by GDPR, stay tuned!

Still not compliant with GDPR? Hurry up, time is running out: request a free consulting with our experts!

Talk to our experts

Your Full Name*
Your Business Email*
Your Phone Number* (Add Prefix)
Choose the service you need*
99.99% SLA

Related Post

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.