The European Parliament has approved the General Regulation on Data Protection (GDPR) n. 679/2016 entered into force on 25 May 2018.
The discipline became necessary following an improper use that some companies have put in place to damage their customers and/or employees.
The GDPR represents the most important regulatory novelty of this century in terms of protection of personal data, as it offers significant data protection and requires companies to be more responsible for the use of personal data, under penalty of the adoption of severe civil and criminal penalties .
With this Regulation, data protection plays a major role in business processes, with a significant impact on the processing of personal information relating to employees and customers. The new Regulation reinforces the level of data protection for all natural persons within the EU.
The GDPR, in articles 2 and 3, establishes the criteria for the material and territorial application of the legislation, placing a clear reference aimed at specifying who and what falls under his regime. Data processing subject to the new regulations, in continuity with the past, concerns both automated and semi-automated processes and also traditional (paper) ones, and therefore totally free of automatism.
Therefore, any processing of data performed for the supply of goods or provision of services to interested parties located in the European Union is subject to the GDPR. Treatments that fall within the exclusive competence of Member States such as national security, the EU’s common foreign and defense policy, are exempted.
Outside the scope of the GDPR, there are also treatments in the criminal field and for investigative purposes by the competent authorities. Ultimately, any data that a company deals with is in electronic or paper form is subject to the GDPR.
It is the same nature of the legislation that indicates the direction taken by the Community legislator in this sense: no longer a directive – leaving the Member States to translate the new principles into national laws – but a regulation, applicable directly on the whole territory of the EU.
Not a mere choice of style but a clear signal from the Union: the process of equating data protection standards is effective if it runs through a common path for all Member States and EU citizens.
FALGA has made the adjustment to the principles of protection of personal data established by the GDPR 2016/679 Regulation and the national legislation in force.
