Secursat and the privacy officer

GDPR 25th May - AN EVER-CHANGING SCENARIO

As everybody knows, on 25th May the GDPR, the EU’s General Data Protection Regulation, will officially enter into force. It attracts great interest because the GDPR concerns data, the oil of this century. The regulation was in fact introduced to ensure that all data protection laws are applied equally, on pain of penalties including big fines. To meet these changes, Secursat has added a certified Privacy Officer to its engineering team to help customers comply with laws and regulatory adjustments.

In this ever-changing scenario the Privacy Officer is, and will be, an increasingly important figure, especially considering the great number of requirements of this Data Protection Regulation. Less than 20 working days before it comes into effect, the draft decree laying down the procedure for adapting Italian law to the new European provisions is going to change, introducing some new elements concerning the “Privacy Code” (Dlgs 196/2003). Of course we have to wait for the new “Privacy Code” and the entry into force of the regulation, but in the meantime we can clear up some confusion.

Repeals

• Annex B of the “Privacy Code”, which contains the minimum security requirements, has been repealed. Failure to comply with its rules is therefore no longer a criminal offence.

New offences

• A violation still cannot be punished with both an administrative and a criminal sanction, but the new draft contains a new penal section with new offences, including the fraudulent acquisition of personal data and the unlawful communication and dissemination of data concerning a significant number of persons.

Pending offences

• For pending administrative offences, Regulation (EU) 2016/679 provides an ad hoc provision to settle the account: those who opt for it will pay two-fifths of the legal minimum.

Penalties

• The Italian legislation governing European penalties remains Law 689/1981.

• For administrative offences there are two tiers of penalties: a maximum of EUR 10 million and of EUR 20 million. The draft does not actually set a minimum amount to be paid, nor does it differentiate between small and serious fines, so only the “Privacy guarantor” will have power over this.

Public administration, health and the deceased

• For the processing of sensitive data by public bodies, the regulations adopted to date by all public bodies remain valid, so the public administration does not need to ask for consent.

• For health data, consent is now not required either, but these data will be regulated in another way.

• For the deceased, Europe leaves the decision to individual states, and Italy has decided to safeguard these data.

Minors

• For the Italian legislator, the minimum age for giving consent to the processing of personal data is 16 years, instead of 14.

New figure

• Moreover, the possibility of introducing a new chief for specific tasks, different from the internal chief not foreseen by Europe, has been formalized.

To conclude, these changes make the new draft quite different from the previous one and underline the importance of a figure who can help everyone understand them. The DPO, thanks to his experience in data protection and privacy, especially if this is certified by an external institution such as TUV, is that figure. The purpose is not just to avoid penalties but also to improve business efficiency and effectiveness through ethical business actions.

Compliance with national and international rules and regulations on privacy, personal data protection and more is the core of Secursat's new business model. Moreover, Secursat is also working on employee and employer protection, international mobility and Travel Security, in the belief that there is a need to build 360° security that also complies with customers’ policies and requirements.
