General Data Protection Regulation (GDPR): Latest News on Data Protection Laws and What Will Change
Regulation (EU) 2016/679 of April 27th, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, will enter into force on May 28th, 2018.
This Regulation will be directly applicable and binding in all EU Member States without the need to adopt a national transposition law, and it will also apply to companies located outside the European Union which offer services or products to natural persons residing in the European Union.
The Regulation “lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data” and it applies “to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system”.
In a nutshell:
- it sets up clearer rules on the information to be provided to the data subject and on consent;
- it defines the limits of the processing of personal data wholly or partly by automated means, including profiling;
- it lays the basis for the exercise of new rights (including the right to be forgotten and the right to data portability);
- it sets up more stringent criteria for the transfer of personal data to third countries or international organizations and for cases of personal data breach;
- it promotes the accountability of the controllers;
- it endorses controllers’ adoption of methods and policies that constantly take into account the risks which personal data processing poses to the data subject’s rights and freedoms, as well as procedures designed around the type of personal data processed (so-called “privacy by design”);
- for controllers that are legal persons, it establishes sizable responsibilities, and failure to comply with them is sanctioned, even heavily; at the same time, it allows controllers to simplify procedures by adopting codes of conduct prepared by associations and other bodies representing categories of controllers or processors, by which they can demonstrate compliance with the controller’s obligations.
Do not hesitate to contact us for any further information on the Regulation (EU) 2016/679.
Lawyer with experience in corporate law, civil and corporate litigation, and contract law; co-author of articles in specialist journals and speaker at conferences and courses.