Research has highlighted that, although the topic is now covered everywhere, in magazines specialized or otherwise, in the media and on the web, SMEs show a notable delay in the adaptation process (in April 2017, as many as 80% of the companies aware of the GDPR had declared themselves "not yet compliant") and, above all, a lack of knowledge of the actual impact of the new regulation.

Below is a brief summary of the main regulatory changes that companies that have not yet done so will necessarily have to deal with by May 25, 2018.

GDPR's new approach to managing personal data ("Privacy by design")

The regulation addresses the protection of personal data with a new approach, characterized by the repeal of the fixed guidelines with which companies had to comply, in favor of the responsibility of the data controller ("accountability" in English), on whom also rests the burden of proving that all the actions and measures required by the GDPR have been adopted.

With a view to strengthening the protection of natural persons, the new legislation has adopted the so-called "privacy by design" approach, according to which each processing operation must be configured by providing from the outset the indispensable guarantees "in order to satisfy the requirements" of the Regulation and to protect the rights of the interested parties, taking into account the overall context in which the processing takes place and the risks to the rights and freedoms of the interested parties.

Each processing operation must therefore be preceded by an assessment of the concrete risk that the specific processing may have negative impacts on the freedoms and rights of the interested parties, in light of the known or identifiable risks and the technical and organizational measures to be adopted.

The direct and immediate consequences of this changed approach will be:

- the obligation for the owner to implement measures that make any processing carried out compliant with the provisions of the GDPR;
- the obligation that the measures adopted provide a guarantee of said conformity;
- the obligation to base the choice of measures adopted on preventive risk analyses;
- the obligation that the conformity thus guaranteed is also easily demonstrable and, therefore, in fact, a real reporting obligation.

Due to the new approach, the GDPR has also suppressed, starting from 25 May 2018, some institutions previously provided for by the Privacy Code, currently in force, such as the prior notification of processing to the supervisory authority and the preliminary verification, which have been replaced by obligations to keep a register of processing by the owner/manager.