The Italian Data Protection Authority, Garante per la privacy issued Guidelines for the implementation of Regulation EU/2016/679 on Personal Data Protection (GDPR).
The DPA suggests some actions that can be carried out right away to comply with the GDPR and provides a general overview of the major innovations introduced by the legislation.
The guidelines are divided into 6 thematic sections:
- Principles of lawfulness of the processing (Article 6, GDPR);
- Information and access to personal data (Article 12 and 13, GDPR);
- Data subject rights (Articles 15-22, 28, GDPR);
- Controller, processor, data protection officer (Articles 26, 28, 29, 82, 30, and 37, GDPR);
- Accountability principle, data protection by default and by design, impact assessment and prior consultation (Articles 23-25, 35-37, GDPR);
- Transfer of personal data to a third country or international organizations (Articles 40, 43, 44-49, 65, GDPR).
Each section explains what are the changes and what will remain the same after the GDPR enters into force
The Guidelines are available (in Italian) at http://www.garanteprivacy.it…
For more information on privacy issues, contact Francesca Giannoni-Crystal.