Regulation

Are You Ready for the New EU Privacy and Data Protection Rules?

The Data Protection Authority has published new Guidelines on the implementation of the European General Data Protection Regulation 2016/679, issued by the European Parliament in April 2016, to enable public entities, institutions, natural persons and private companies to know and correctly apply the new provisions on this matter. The Regulation, which will become fully effective from 18/05/25, will be operational in all EU countries without any further transposition procedure. It will replace the current Privacy Code, which was adopted by Legislative Decree n. 196 of 2003 in implementation of a previous European Directive. Within a year, national data protection laws will be unified into a single discipline.

The system set up by the European Union consists of two parts: a Regulation concerning people, companies and administrations, and a more specific Directive concerning the use of personal data in the field of security and police or justice activity. This second part will have to be transposed by a national law. The Data Protection Authority's Guidelines deal with the first part of the legislation, dividing it into six groups (lawfulness of processing, disclosure, data subjects’ rights, those responsible for processing, risk-based approach and accountability measures of holders and those responsible for processing, international data transfers) and addressing its innovations and possible issues.

In particular, some of the changes introduced by the Regulation are in the interest of the data owner. First of all, any disclosure signed by the data owner must be clear, brief, intelligible and easily accessible. In addition, the owner may decide to transfer his data from one subject to another, with the possibility of changing the manager without losing the information provided. Explicit consent to the transfer of personal data will be required only for non-European countries or for international organizations that do not have an adequate privacy policy.

On the other hand, the Regulation promotes the accountability of data holders and the adoption of approaches and policies that constantly take into account the risks that may occur in data processing. Finally, another important innovation is the introduction of the Data Protection Officer, a professional responsible for managing and controlling the privacy policies of companies and public entities. Thus, in a year we will discover the effects of this reform and how personal data management will change across the European Union.