
The new GDPR and the possible impact on your business

Renato Sesana

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is the latest development in the current EU agenda to safeguard its citizens and their private information by introducing new rights for individuals and strengthening existing protections, while imposing stricter requirements on all business activities involving data. Whether you are a data controller or a data processor, the GDPR will have a significant impact on your business and the clock is ticking. The GDPR supersedes EC Directive 46/95 currently in force, implemented in Italy through Legislative Decree 196/03 (Data Protection Law) and expands existing obligations.

Regulatory changes require prompt consideration and critical assessment by organisations in order to understand their effects on business operations. Amended business practices, supported by IT systems and operational processes, will be required to achieve compliance with this new regulation.

With the data protection legal landscape evolving rapidly, the GDPR presents many challenges for businesses, government and public authorities, in particular for consumer-facing businesses, online businesses, those in the financial services industry or organisations in possession of sensitive personal data.

Fines for data breaches and non-compliance with the EU regulation will increase significantly, up to €20 million or 4% of global group turnover.

Organisations will have to move quickly to avoid potentially large fines for non-compliance.

Key changes under the GDPR:

  • accountability
  • increased territorial scope and cross-border transferral of personal data
  • privacy by default and privacy by design
  • requirement to maintain internal records
  • Data Protection Impact Assessments (DPIAs)
  • reporting data breaches
  • security of processing
  • appointment of a Data Protection Officer
  • data subjects’ rights
  • penalties

For further information on the adjustments necessary to align with the new GDPR, please contact Alessandro Leone or Renato Sesana.