GDPR: The new European Privacy Regulation | Real Comm srl

GDPR: The New European Data Protection Regulation

Plan for compliance with the new European Privacy Regulation 2016/679

Privacy: From Cost to Valuable Resource

2017 is the year of preparation for the transition from the Privacy Code to the New European Regulation on the processing of personal data (GDPR). The new regulation has been in force since May 25, 2016, and will be fully applicable from May 25, 2018. This means that processing activities already underway must also be brought into compliance with the GDPR by May 25, 2018.

Real Comm offers you both legal and technological support.

The new regulation aims to harmonize privacy rules across the Member States and to develop the digital single market through the creation and promotion of new services, applications, platforms, and software. Companies bear the burden of immediately undertaking the activities needed to comply with the new regulatory framework.

The New European Regulation (GDPR) introduces several changes compared to the Privacy Code, which is still in force. The GDPR introduces the new professional figure of the DPO (Data Protection Officer), mandatory for entities that process significant volumes of data, and new duties and responsibilities for the data controller. Among these is the obligation to keep a Register of Processing Activities. The GDPR also requires that data protection be built into a processing activity from the outset (privacy by default, privacy by design, privacy impact assessment).

The GDPR introduces new rules: it provides a new method for transferring personal data to third countries and establishes new procedures in the event of data loss. The GDPR has also set up a European data protection committee tasked with applying policies consistent with the growing diffusion of social networks and of the cloud (as a system for data storage and processing).

The common goal of the legislator and the Data Protection Authority is to simplify the obligations of the data controller so that they can derive concrete benefits from the new legislation.

Indeed, the correct adoption of simple measures to protect personal data can help make the company's organization more efficient and significantly reduce the risks to which it is exposed in the market. It is therefore necessary to adopt best practices that improve not only the company's image, in terms of social responsibility, but also its business capacity at the same cost, increasing users' and consumers' trust in the company's seriousness and reliability.

Some of the novelties introduced may require significant changes to company organization and, in some cases, technological investments. It is therefore necessary to prepare a plan of evaluations and analyses so as not to be caught unprepared when the GDPR becomes fully applicable.

How to address the novelties of the GDPR:

  • Make use of the solutions already adopted in the company, consistent with the obligation to comply with the GDPR;
  • Choose the most appropriate method to address the novelties of the GDPR, evaluating the type of personal data processed, the risks of each specific processing activity, and the type of company;
  • Adopt technical and organizational measures that:
      • Ensure full compliance with the requirements of the GDPR;
      • Allow the Data Controller to demonstrate that the processing is compliant with the GDPR;
      • Adhere to certified Codes of Conduct.

To ensure compliance with the GDPR, companies must:

  • Identify and formalize roles and responsibilities for personal data processing and its protection; maintain a Processing Register, to be reviewed and updated as necessary;
  • Assess the impacts and risks of each specific processing activity for the company, also taking current protection measures into account, and carry out a periodic evaluation (PIA);
  • Identify and plan compliance projects for the New European Regulation (scope, resources, timing), making use of solutions and skills already available in the company; define adequate security measures (technical and organizational) in relation to the risk assessment;
  • Manage remediation plans for security measures not yet adopted; manage the privacy by design process for newly introduced processing activities;
  • Evaluate the opportunity to adopt market best practices (standards, frameworks, ISO standards, etc.) to ensure the effectiveness and efficiency of solutions;
  • Manage the incident register;
  • Evaluate the economic impact for compliance with the GDPR.

Given the imminent deadline, it is desirable, indeed necessary, to act immediately with effective GDPR compliance plans, ideally within the second half of 2017:

  • By the third quarter of 2017, drafting of the Compliance Document under Legislative Decree 196/2003, together with a plan for compliance with the GDPR;
  • By the fourth quarter of 2017, drafting of the GDPR Master Plan;
  • By the first quarter of 2018, launch of the GDPR Compliance Projects.

Real Comm accompanies you on this delicate path.

Real Comm provides you with both legal and technological support to guide you through today's complex scenario and to achieve adequate data protection during acquisition, processing, transfer, and deletion. Its service allows you and your company to understand the obligations the GDPR imposes in terms of data protection, to plan compliance, to implement the necessary measures, and to monitor them over time, in view of the Regulation's full applicability in May 2018.

Main aspects addressed in consulting and support interventions:

  • Definitions and basic concepts of the New European Regulation (GDPR) and differences from the current Privacy Code;
  • Organizational and methodological innovations of the GDPR (Chapter IV): the procedures that generally make processing lawful;
  • Privacy and the new conditions for consent;
  • The Data Controller and the Data Processor: obligations and responsibilities;
  • Data security (Data Protection) and the Data Protection Impact Assessment (PIA);
  • The principles of Privacy by design and Privacy by default;
  • The new figure of the Data Protection Officer (DPO): tasks, responsibilities, and term of office;
  • Personal data breach (Data Breach);
  • The Register of Processing Activities;
  • Log Management;
  • How to plan compliance with the GDPR: compliance with the Privacy Code in view of the entry into force of the GDPR;
  • Review of some General Measures of the Data Protection Authority (Garante):
      • The use of computers in the company;
      • Video surveillance systems in the company;
      • Marketing rules;
      • The company website and processing over the internet.

Recipients of consulting and support interventions:

  • Personnel Managers, ICT Managers and staff, Legal Office staff of companies and public entities, Marketing Office Managers, Data Controllers and Processors, consultants, system administrators, lawyers, accountants;
  • All those who have appointed an External Data Processor;
  • All those who have appointed an External Supplier as Data Processor.
