Privacy and personal data protection
The entry into force of the new EU General Data Protection Regulation, which will replace Italian Legislative Decree 196/2003 (known as the Privacy Code), will require companies to reorganise their processes linked to the processing of personal data, confirming, inter alia, the obligation to adopt procedures of privacy by design. However, it could lead to greater standardisation across the EU and, above all, should be more in line with the revolution triggered by new digital technologies.
The new regulation must also be complied with by companies that are headquartered in non-EU countries, and confirms important changes that were already contained in the original proposal of 2012, such as the right to data portability, the obligation to report security breaches, the “one-stop-shop” mechanism, through which data controllers will deal with a single supervisory authority, the concept of “privacy by design”, recognition – though partial – of the right to erasure, as well as the obligation – under certain circumstances – to conduct a data processing impact assessment. It will be mandatory to appoint a data protection officer in companies that conduct particular processing.
The firm conducts assessments to verify compliance with the current regulations concerning the processing of personal data by small, medium-sized and large enterprises, developing architectures and having the necessary training provided by professionals.