OBLIGATIONS FOR COMPANIES AND PUBLIC ADMINISTRATIONS

• Data protection impact assessment or Privacy Impact Assessment (PIA): periodically assess the risks associated with privacy management, mitigation measures adopted and disaster recovery plans.
• Creation of a treatment register: that is to keep track of which data you possess, with what rights, for how long and for what purpose
• In the event of a Data Breach timely communication to the competent authority and the interested party according to the guidelines of the Privacy Authority.
• Guarantee the right to cancellation, limitation, rectification of data, in response to a request from the interested party
• Appointment of a Data Protection Officer (DPO)
• Ensure data portability

HOW TO ADDRESS GDPR

• To properly address GDPR and be compliant, it is necessary to start from the impact assessment or PIA. This activity should involve the organization at all levels and can be an opportunity to improve business processes, if performed correctly.
• Subsequently, a gap analysis must be carried out, comparing the outcome of the PIA (the current state) with the requirements of the privacy regulation and devising an improvement plan (if necessary) both in terms of processes and skills and technologies. There are also several technological solutions useful for supporting privacy management.
• JS Italy helps organizations to face GDPR, both with consulting activities and with the provision of technological solutions through its partners.