The GDPR can be seen as a genuine revolution that affects the entire corporate landscape of the European area. During 2018, organizations will be required to inform themselves about the activities to be implemented and to review their planning in light of the inevitable organizational changes. Let's briefly see what changes for companies.
- DPO: What changes compared to the past? Pretty much everything! This is an entirely new requirement: with the GDPR, appointing a Data Protection Officer is mandatory for every entity (at least for public ones).
- Data Security (Privacy by Design): this is probably the most innovative concept that the GDPR introduces. Here is what changes: starting from the planning of the processing activities, the necessary safeguards must be assessed in order to meet the requirements of the Regulation and protect the rights of the interested parties, including by adopting specific measures (such as minimization and pseudonymisation) to guarantee the protection of personal data.
- Right to data portability: allows the interested party to receive the data previously provided to a data controller, as well as to request their transmission to another data controller.
- Right to cancellation: the ability to request and obtain the cancellation of personal data.
- Penalties: what changes legally? The new measures are a novelty, not least because of the increase in the penalties provided.
- Reporting of violations: the Regulation requires data managers to inform the data protection authorities (Privacy Guarantor) within 72 hours of any violation that jeopardizes the rights of individuals and, in the case of a high-risk violation, to inform all affected individuals in the shortest possible time.