The new era of privacy began on May 25, 2018, with the entry into force of the GDPR, the European regulation that impacts data processing.
However, perhaps not everyone remembers that May 17, 2019 marks the end of the “compliance period” during which the Guarantor takes into account, in the application of administrative sanctions, the novelty of the new privacy obligations.
What does it mean?
Until May 16, 2019, the Inspection Services of the Secretariat of the Guarantor will administer the possible sanctions, ” taking into account the innovations introduced by the new European Regulation 2016/679 and the new obligations established “, but starting from the “fateful” day, inspections of companies by the control bodies responsible for checks may be operational: the Privacy Authority and the Guardia di Finanza with the “Special Privacy Unit” and the sanctions envisaged may enter into their full application.
During the latest annual report a few days ago, the guarantor for the protection of personal data Antonello Soro drew up the balance of 2018 by providing the data: over 8 million fines collected, 115% more than in 2017.
The Guarantor carried out one hundred and fifty inspections, the checks concerned numerous sectors, both public and private.
Credit institutions, companies for rating activities on the risk and solvency of companies, companies that carry out telemarketing activities, insurance companies through the installation of “black boxes” on board vehicles and companies that offer medical-health services via App.
As regards the public sector, the verification activity focused on public bodies, especially Municipalities and Regions, which process personal data through Apps for smartphones and tablets, on large databases, on the tax system, with special attention to security measures and the audit system, on the Istat information system and on Spid.
Other deadlines of the Privacy Guarantor
- December 31, 2019: The treatment register is accessible until this date.
- March 12, 2020: By this date, the Ministry of Justice must adopt a decree which, in the absence of a law or regulation, authorizes the processing of personal data relating to criminal convictions and offences.
Contact us for a targeted comparison to verify your compliance with European regulations.