Categories: Insights, Publications


26 Apr 2018

GDPR: security measures to support data protection (Newsletter Norme & Tributi n. 123 – Camera di Commercio Italo-Germanica – Vittorio De Luca, Luciano Vella)

The European Regulation on the protection natural persons with regard to the processing of personal data has abolished the minimum security measures that were at the basis of the “privacy policy” system and listed in Annex B of Legislative Decree No. 196/03. Pursuant to Article 32 of the Regulation, in fact, the Data Controller and Processor – taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing – must implement suitable measures to “guarantee a level of security appropriate to the risk”. This is because the Data Controller and Processor must be able to guarantee and demonstrate that they have done everything possible to limit the occurrence of a risk, in compliance with the principle of “accountability” which leaves them full freedom to identify the appropriate technical and organisational measures. To this end, both the Data Controller and the Data Processor cannot do without a gap analysis and a risk assessment, that is a preliminary assessment of the various risks. Should there be a risk of negative impact on the rights and fundamental freedoms of the data subject, this risk must be analysed through a specific evaluation process (e.g. impact assessment). In this sense, on the basis of the foregoing, the protocols relating to the Special Part of Model 231 on IT crimes must be kept updated, also in order to be able to demonstrate the status of compliance with the European data protection regulation.

Subscribe to our newsletter

Contact

Need information? Write to us and our team of experts will respond as soon as possible.

Fill in the form

More news and insights

8 Jul 2026

Pay transparency: one month after its entry into force, two approaches are emerging in the market (The Platform, 8 July 2026 – Vittorio De Luca, Claudia Cerbone e Martina De Angeli)

Since 7 June, EU rules aimed at strengthening the principle of equal pay between men and women for the same work or for work of equal value have…

2 Jul 2026

Did you know…? As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force

As of 7 June 2026, Legislative Decree No. 96/2026 is fully in force. It also introduces into the Italian legal system a structured framework on pay transparency, with…

2 Jul 2026

Failure to serve disciplinary charges does not render the dismissal null and void: italian supreme court confirms no reinstatement remedy for employers below the statutory workforce threshold

Principle of Law In its recent judgment No. 17283 of 1 June 2026, the Italian Supreme Court (Corte di Cassazione) examined the legal consequences arising from the employer's…

2 Jul 2026

AI and the employment relationship: initial guidance from the implementing decrees and data protection implications

Following the preliminary approval by the Council of Ministers, on 10 June 2026, of the first draft legislative decrees implementing the enabling law on artificial intelligence (Law No.…

1 Jul 2026

Sustainability, Responsibility, and the Future: A Commitment That Grows with Time

As we celebrate our 50th anniversary, we have chosen to look to the future with the same care and dedication with which we preserve our roots. Those roots…

25 Jun 2026

Pay Equity and Pay Transparency: What Will Change in Italy (People are People, 25 June 2026 – Claudia Cerbone e Martina De Angeli)

With Legislative Decree No. 96 of 7 May 2026, which entered into force on 7 June 2026, Italy transposed Directive (EU) 2023/970 on pay transparency, becoming one of…