GCSEC and Europrivacy have published a survey on how organizations are preparing for the adoption of the new European General Data Protection Regulation (GDPR) and the impact it will have on the public sector, large Italian companies and SMEs. The survey is completely anonymous; it can be completed here.
The new European GDPR, which entered into force on 24 May 2016, is posing a number of questions to European organizations, which must comply by 25 May 2018. The GDPR is directly applicable and binding in all European Member States, without a National Law Review, and also applies to foreign companies that provide services or products inside the European Union. The GDPR presents many challenges. It introduces new obligations such as the communication of personal data breaches, the adoption of a risk-based approach, the “right to be forgotten”, the right to data portability, and the “privacy by design-default” principle. The GDPR also identifies a new figure, the Data Protection Officer (DPO), who has to ensure correct privacy management inside the organization.