Summary: Regulation (EU) 2016/679, on the protection of personal data of individuals, has been directly applicable in all Member States of the European Union since 25 May 2018. In recent times, it has been one of the most referred to and discussed legal documents, not always in the most appropriate way. The present study aims to analyze the fundamental aspects of this Regulation, trying to contribute to refocusing the debate by emphasizing the main changes in the new legal rules on data protection. It is therefore of paramount importance to identify and assess the impact that the new regulatory paradigm has on the governance of organizations in the public and private sectors. A set of new obligations, which consolidate the existing legal framework, will have to respond to the rights of data subjects. Organizations will have to design an internal system, with new procedures and new organizational and technical measures, capable of ensuring and demonstrating compliance with the European regulation. The new political and organizational architecture of public authorities and private enterprises will have to be based on two fundamental principles that the Regulation places at the center of personal data processing operations: the principles of purpose and necessity. Once respect for these principles is guaranteed, there are two essential conditions of legitimacy for the processing of personal data to be lawful: the data subject's consent and the existence of the required legal framework. As a guarantee for the implementation and maintenance of a data protection policy and system that applies the best organizational practices, the Regulation created the figure of the data protection officer. Although the appointment is not mandatory, the Regulation sees in this figure a "provider" that ensures the continuity of demonstrable compliance, in conjunction with the data subjects and the national supervisory authority.