“The protection of individuals with regard to the processing of personal data is a fundamental right. Article 8, paragraph 1, of the Charter of Fundamental Rights of the European Union (Charter) and Article 16, paragraph 1, of the Treaty on the Functioning of the European Union (TFEU) state that every person has the right to the protection of personal data concerning him or her”.
This is what is stated in Recital 1 of the “General Data Protection Regulation” EU 679/2016 (GDPR) and is the starting point for the development of the same Regulation regarding the management and protection of personal data.
EU Regulation 679/2016, which repeals the previous Data Protection Directive 95/46/EC, will be, from the 25th of May 2018, the legal reference for data protection in the EU, directly applicable in all Member States.
The regulation harmonises the legal framework for data protection throughout the EU, reinforces numerous principles and obligations of the Directive, and repeals some provisions and adds new ones, such as:
- the introduction of the figure of the Privacy Officer, an expert in charge of data protection;
- the clarification of the responsibilities of the Data Controller regarding violations of the legislation and of the joint liability of the Data Processor;
- the impacts of new communication technologies (social networks, big data);
- the introduction of certification, seals and data protection marks, which can play a significant role in enabling data controllers to obtain and demonstrate compliance of their processing operations with the provisions of the GDPR, by improving transparency, as certifications, seals and marks allow interested parties to quickly evaluate the level of data protection for products and services.
In Italy, legislative decree n. 101 of 10 August 2018 modifies the previous decree, the “Code concerning the protection of personal data” (legislative decree 30 June 2003, n. 196), and inserts the requirements of the European Regulation (EU) 2016/679 (GDPR) regarding data protection.
Organisations are called upon to assess the changes required by the new legislation, which could in some cases have a major impact on organisational procedures, and to consider the risk of heavy penalties in the event of violations. This calls for a careful analysis of the effects that the GDPR has on the internal management of data, bearing in mind that the regulation requires the Data Controller to demonstrate that its procedures are adequate and proportionate to meet the requirements of the Regulation, according to the specific activities carried out.
ICIM acts as a third-party organisation that can meet the needs of Organisations requiring services relating to the GDPR. ICIM offers multidisciplinary teams able to provide various services to Organisations and in particular:
- Privacy Impact Assessment (PIA) and verification of compliance with the regulations of the GDPR,
- Analysis and assessment of the structure and procedures of the GDPR regulation (gap analysis),
- Certification of the professional figures connected to the GDPR, such as the DPO,
- Training on GDPR requirements.