The General Data Protection Regulation (or: General Regulation on Data Protection) applies to all types of businesses that provide services or products to people who are in the European Union, and entered into force on 25 May 2018.
The GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), on which the provisions currently applicable in the EU countries, including Italy, rest.
This new legislation obliges organizations to take more responsibility for the personal data they collect and to make every possible effort to protect it.
The main reasons why the regulation was introduced are as follows:
- Forcing companies to operate more transparently about the collection and use
- Improve data protection and prevent violations;
- Establish enhanced controls and have greater responsiveness to prevent data loss.
The GDPR establishes a series of measures that aim to increase transparency in the control and management of data.
Data subjects (users) will be asked to provide more specific permissions and should be able to withdraw them if they no longer agree; they can request information on how the data they have provided is handled, where, and for what purpose.
Data subjects can ask companies for the information they use that concerns them, and request its deletion from the server and from the archives of the company.
Companies, and therefore the data controller (defined in the GDPR as “Data Controller”), are obliged to assess how to handle data security already in the design phase of new systems (the “privacy by design” principle).
In addition, companies whose core business involves the processing of a large volume of personal data must appoint an officer responsible for data protection (DPO).
These measures are intended to reduce the likelihood of data loss (Data Breach); however, if this happens, companies are obliged to inform the competent national authorities within 72 hours and, depending on the circumstances, those concerned.
P&B Informatica Srl offers a consulting service for bringing companies into line with the new regulation: from the identification of processing activities to risk analysis, the impact assessment and all the provisions of the GDPR.