With the final adoption of the new European Privacy Regulation (General Data Protection Regulation), four years after its submission, a crucially important approval procedure has concluded. The new rules aim to update privacy legislation to the current context, 20 years after the issuing of Directive 95/46/CE.
It is a generational change, required by the rapid evolution of electronic information management, which is gradually replacing paper. The same trend can be seen in the shift of photography from analog to digital, in the increasing spread of e-books, and in the online services that are progressively joining and almost entirely replacing the "traditional" counter services.
Along with the regulation that provides the general guidance for personal data processing, a directive has been approved that is aimed at regulating prevention and repression of crime, including the enforcement of penalties.
Unlike directives, regulations are immediately applicable in all States of the European Union because they do not need a national "transposition": 20 days after its publication in the Official Journal of the European Union (to be issued not later than 45 days after the final approval on April 14), the States will have two years for the adaptation of the rules. Within two years they must transpose the new provisions and the rules for the management of personal data, which will involve a general redefinition of information management by public and private organizations.
After a two-year transition period, the European Regulation on Privacy (or, more formally, General Data Protection Regulation) will be in operation, thereby applying the penalty system that imposes fines up to EUR 20 million or up to 4% of the annual turnover.
The new Regulation includes issues such as the right to be forgotten, the principle of transparency, the principle of accountability and the concepts of Privacy by Design and Privacy by Default, which are particularly important for all areas of application.
Along with the new themes, there is the reaffirmation of the previous Privacy Code (Leg. Decree 196/03), reassessed in the light of the experience gained, such as the management of explicit consent, to be given in various ways, including specific cases for minors up to the age of 16.
Other new features are the introduction of the right to data portability, of the management and communication of computer security incidents both to authorities and to the interested parties, of impact assessment on data protection and of supervisors responsible for the management of data protection, topics anticipated by some recent provisions of the Italian Privacy Authority.
Finally, the idea of a one-stop shop (a single window of the data protection authority for each country) is essential: it gives users just one point of reference when they need to report problems in the processing of their own personal data, wherever the processing is managed.
As always, the Consulting Division of Go Infoteam Group is available for further information and is ready to manage the adaptation to the new European legislation thanks to its skilled and professional staff, also taking advantage of the InRiMa - Information Risk Management platform.