GDPR (General Data Protection Regulation) makes the protection of personal data of citizens of the European Union homogeneous. It began to take effect on May 25, 2018.

The main regulatory reference is EU Regulation 2016/679 that, in Italy, will repeal the rules of the Code for the Protection of Personal Data (Legislative Decree No. 196/2003).

Also in Italy, the Privacy Authority provides guidelines for the interpretation of the GDPR, as well as useful resources. This authority is also responsible for supervising compliance with the regulation by organizations and individuals.


  • Data protection impact assessment or Privacy Impact Assessment (PIA): periodically assess the risks associated with privacy management, mitigation measures adopted and disaster recovery plans.
  • Creation of a treatment register: that is to keep track of which data you possess, with what rights, for how long and for what purpose
  • In the event of a Data Breach timely communication to the competent authority and the interested party according to the guidelines of the Privacy Authority.
  • Guarantee the right to cancellation, limitation, rectification of data, in response to a request from the interested party
  • Appointment of a Data Protection Officer (DPO)
  • Ensure data portability


  • To properly address GDPR and be compliant, it is necessary to start from the impact assessment or PIA. This activity should involve the organization at all levels and can be an opportunity to improve business processes, if performed correctly.
  • Subsequently, a gap analysis must be carried out, comparing the outcome of the PIA (the current state) with the requirements of the privacy regulation and devising an improvement plan (if necessary) both in terms of processes and skills and technologies. There are also several technological solutions useful for supporting privacy management.
  • JS Italy helps organizations to face GDPR, both with consulting activities and with the provision of technological solutions through its partners.