Organizational Model of Management and Control of Privacy
Protection of Personal Data Privacy
The Organizational Model of Management and Control of Privacy
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Training of senior management figures
The course presents the content of the GDPR and the Management Model currently being implemented in the participants' company, so that they can take an informed and proactive part in building, implementing and maintaining the Model.
Object and purpose
1. This Regulation establishes rules concerning the protection of individuals with regard to the processing of personal data, as well as rules concerning the free movement of such data.
2. This Regulation protects the fundamental rights and freedoms of natural persons, in particular the right to the protection of personal data.
3. The free movement of personal data in the Union cannot be restricted or prohibited for reasons relating to the protection of individuals with regard to the processing of personal data.
It shall apply from 25 May 2018.
The main new features introduced are:
- mandatory Data Protection Officer for some types of processing and for the public administration (P.A.);
- right to be forgotten, especially for online data;
- requirement of clear and unequivocal consent;
- genetic and biometric data are considered sensitive data;
- more information on the data retention period;
- penalties of up to 20 million euro or 4% of the total annual worldwide turnover of the offender;
- one-stop shop: organizations will deal with a single guarantor in Europe;
- data breach notification: loss or unauthorized access must be communicated to the guarantor;
- provision of Data Privacy Impact Assessment (DPIA) and processing registers;
- privacy codes of conduct and certification schemes.
Subject-matter and objectives
1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
Principles relating to processing of personal data
1. Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency');
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes ('purpose limitation');
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation');
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').
Data protection impact assessment
Data protection officer
Training of the company figures in charge of data processing
The activity provides internal training for the figures in charge of data processing, so that they can manage daily activities knowingly, in line with regulatory requirements and with the processes designed by company management.
It is recalled that Article 29 of the Privacy Regulation (EU) 2016/679 states that "The processor, or anyone acting under his authority or under that of the data controller, who has access to personal data cannot process such data unless instructed to do so."
We will then schedule specific training sessions for the following areas, where they exist:
• Course for internal privacy delegates (former managers)
• Course for persons in charge of processing
• Specific course for HR
• Specific course for IT
• Specific course for Sales, Commercial and Marketing
The course includes support material, an assessment test, a training evaluation questionnaire, and a certificate of completion with its roster.