Pavia e Ansaldo and Unindustria on “The new privacy regulations: corporate obligations and responsibilities”

Milan, 29 September 2017 – The main measures that companies must bear in mind in view of the full application of the privacy regulations, planned for 25 May 2018, have been the focus of the conference “The new privacy regulations: corporate obligations and responsibilities” organized by Unindustria and held in Rome yesterday.
The Conference was opened by the institutional welcome of Avv Massimiliano Bondanini, Head of Legal and Tax Affairs at Unindustria, and continued with the address of Avv. Agostino Migone De Amicis, partner with Studio legale Pavia e Ansaldo, who described the new European regulatory framework less than a year from its full applicability, with a focus on the privacy legislation in the model 231 (organisation, management and control model for Italian compliance purposes) and other corporate governance systems.
The obligations in preparation of the new framework also in light of the guidelines of the Authority and the role of the data protection officer were key elements of the presentation by Mr. Luigi Pavani, Business Development Manager at RINA Services, followed by Avv. Deborah Bolco, partner with Pavia e Ansaldo, who focused on data transfer outside of the EU.
Concluding, Avv. Mariangela Papadia, senior associate with Pavia e Ansaldo, dealt with assessment activities and new sanctions and illustrated how the new framework sets forth administrative sanctions of up to 20 million euro or up to 4% of the aggregate annual turnover of the corporate group for multinationals in case, for example, of violations of the rights of data subjects.
“The Regulations introduce a number of elements of simplification and rationalization that are bound to have positive effects for companies. From 25 May, for example, companies operating in multiple legislations, which have so far had to master various regulations on the subject of data protection, may generally refer to one set of rules. The counterpart of this greater simplification will be an increase in the European monitoring levels with the introduction of unprecedented sanctioning mechanisms. The Regulations will be even more binding for those organizations dealing with a lot of sensitive data which have to appoint an officer in charge of data protection (DPO, Data Protection Officer), an absolutely new role in our landscape”, as Deborah Bolco, partner at Pavia e Ansaldo, has underlined.
“Personal data protection falls within the Commission’s priorities: personal information is considered an essential component in the life of European citizens. With the forthcoming entry into force of the GDPR (General Data Protection Regulation) organizations are called upon to apply technological, procedural and organizational protection measures to comply with these principles, but also to avoid complaints from those affected, violations of personal data and consequent possible sanctions. RINA Services, as independent and third party entity, leads the various realities to face these new commitments, thanks to the experience gained at national and international level, in information security and privacy”, as Luigi Pavani, Business Development Manager at RINA Services, has stated.