The GDPR (General Data Protection Regulation) is the new privacy regulation implemented by the EU, which imposes specific rules on businesses: learn more with us!
The General Data Protection Regulation is the new data protection regulation implemented by the European Union. Fully applicable starting from May 25, 2018, it requires companies to develop concrete compliance plans within tight deadlines.
The privacy regulation is the next step after the 2014 law “Identification of Simplified Methods for Informing and Obtaining Consent for the Use of Cookies – May 8, 2014” (commonly known as the “Cookie Law”). It applies to anyone who owns a website, including businesses, organizations, and public administrations.
GDPR: What Is It?
The GDPR provides internet users with a way to control how their data is collected and used. The European Union’s goal is to strengthen the protection of personal data within a rapidly evolving digital landscape.
User data protection will therefore involve a structured process that defines roles, responsibilities, and accountabilities.
GDPR: What Changes?
The new Data Protection Regulation introduces several innovations regarding privacy, which can be summarized under three main rights:
- Access: With the introduction of processing activity logs, the owner of each website must specify:
– The purposes for which data processing is being carried out
– The categories of personal data and data subjects involved
– The technical and organizational security measures adopted
- Data Portability: The user’s right to receive the data previously provided to a data controller and to have it transmitted to another controller.
- Right to be Forgotten: The user’s right to withdraw consent for the processing of their personal data, as well as to request its deletion (the website owner must therefore be able to completely delete stored data upon user request).
The GDPR also requires the implementation of a procedure to inform users of any data breaches. Naturally, any extension or plugin chosen for this purpose must comply with the regulation.
GDPR: The Penalties
According to Federprivacy, fines for violations of EU Regulation 2016/679 could reach up to €20,000,000 or 4% of global annual turnover. “What is particularly concerning,” according to a survey conducted by Compuware Corporation on a sample of 400 Chief Information Officers, “is that only 28% of large Italian companies surveyed have a complete plan in place to ensure compliance with the GDPR.”
Compliance will be closely monitored. Each EU member state will have a competent authority responsible for ensuring GDPR compliance, conducting web audits, and issuing sanctions independently.
In conclusion, the General Data Protection Regulation shifts the perspective on privacy. The regulation focuses on accountability and the responsibilities of the data controller, unlike the previous regulation, which was centered on the rights of the data subject.
As already mentioned, the GDPR will be fully applicable to all website owners with visitors from the European Union starting from May 25, 2018. This is why it is crucial for every website owner to be prepared.
For more information or to request assistance, feel free to contact us: we are at your disposal!