New European Privacy GDPR: how privacy and personal data protection change
The countdown has begun for the full applicability of the new European Regulation EU679/2016 (GDPR): the deadline was set for May 25, 2018, by which each company will have to have implemented the required directives.
But what is meant by GDPR?
The GDPR (General Data Protection Regulation) is a European regulation which renews the topic of privacy and protection of personal data.
The main objective is to return control of personal data to citizens, as well as to align all the member states of the European Union by replacing the current legislation without the need for national transposition laws.
The new European legislative framework represents a big step forward, both in terms of risk prevention and most of all for the “culture of privacy”, which is crucial to ensure economic development and freedom at the same time.
In compliance with the precautionary and preventive principles, the GDPR requires companies that handle personal data to adopt organizational, legal and IT measures suitable to protect the personal data of European citizens. Furthermore, it requires:
- The designation of a DPO (Data Protection Officer) - Responsible for the protection of personal data;
- The implementation of the PIA (Privacy Impact Assessment) - Impact assessment in cases of high risk;
- The introduction of Privacy by Design - To consider personal data protection from the engineering stage of systems, products or processes;
- The introduction of Privacy by Default - To process only the necessary personal data and only for the necessary period.
In this scenario of growing digital transformation, only organizations able to offer customers total transparency can build a relationship of trust and loyalty with the brand, so it is fundamental to grasp the opportunities linked to improving the security level of business systems.
For further information you can read the full rules here.