GDPR: assessment and compliance
Regulation (EU) 2016/679 (GDPR) and new Legislative Decree No. 196/2003:
The privacy assessment and bringing-up-to-standard phases
Privacy chart
Information to be provided to the data subject (the so-called “Privacy policy”)
Designations / Contracts / Other acts adequate to formally determine the Data Processors
Authorizations to process data directed at the employees or other authorised individuals under the Data Controller's or Data Processor's authority
Records of processing activities
Personal Data Breach Records
Instructions adequate to all the subjects involved in the processing of personal data
WEEE (RAEE) Policy
Procedure for responding to Data Subjects' requests
Data Breach management procedure
Data retention policy
Technical Policy on the use of IT equipment
Check on the adequacy of the physical, logical and organizational measures adopted
Data Protection Impact Assessment (DPIA)
Vulnerability Assessment (stand-alone module)
Other necessary documents relating to Data Protection Authority regulatory measures (e.g. management of video-surveillance, GPS, Administrators of Systems, etc.)
Since May 25th, 2018, the acronym GDPR has come to indicate something more than simple letters.
The main purpose of the Regulation isn’t only about harmonising the application of data protection, already exceptionally technical and complex, but also about achieving a profound revolution in the culture of security in processing personal data and in ensuring their correct circulation.
The central activity that every undertaking, legal entity, public body and other organization must perform in order to be privacy compliant is a substantial process of analysis and bringing into conformity that we can divide into at least three essential phases.
Up to standard: consisting of regularization in documentary, organizational and security terms.
Instructions and Procedures
Implementation and adaptation of the security measures