{"id":24179,"date":"2018-11-28T23:00:00","date_gmt":"2018-11-28T22:00:00","guid":{"rendered":"https:\/\/www.delucapartners.it\/news\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/"},"modified":"2026-02-16T16:14:20","modified_gmt":"2026-02-16T15:14:20","slug":"data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority","status":"publish","type":"post","link":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/","title":{"rendered":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority"},"content":{"rendered":"\n<p>Last October, the Data Protection Authority provided a range of significant clarifications on two of the main requirements &#8211; extremely important aspects of accountability &#8211; introduced with European Regulation 679\/2016 on data protection and privacy (\u201c<strong>Regulation<\/strong>\u201d):<\/p>\n<p>(i)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the Data Processing Register, in response to the FAQs published on 8 October on the Data Protection Authority\u2019s website, and<\/p>\n<p>(ii)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the Data Protection Impact Assessment (\u201cDPIA\u201d), as provided in Measure No. 467 of the Data Protection Authority, issued on 11 October.<\/p>\n<p><u>\u00a0<\/u><\/p>\n<p><strong>Data processing register<\/strong><\/p>\n<p>According to the Data Protection Authority, the \u201cRegister of processing activities\u201d (\u201cRegister\u201d) &#8211; as provided in article 30 of the Regulation &#8211; must contain all key information concerning the processing activities completed by the Controller. The document must be in written or electronic form and is the first document to be promptly made available on request of the Data Protection Authority or during an inspection.<\/p>\n<p>The Data Protection Authority has extended the pool of subjects that are required to keep the Register, so as to include <strong>all businesses<\/strong> that process personal data on a non-occasional basis (regardless of the number of people employed), commercial or craft establishments with at least one employee, self-employed professionals, associations and foundations and, lastly, condominiums, where \u201cspecial categories\u201d of data are processed.<\/p>\n<p>The Data Protection Authority has pointed out that the Register must contain the required level of \u201cminimum information\u201d, specifically:<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the <strong>purpose<\/strong> of each processing operation. In this regard, the recommendation is to also indicate the legal basis for processing, in addition to specifying the purpose for each type of processing (processing of employee data to manage the employment relationship; processing of supplier contact details when managing orders). The following recommendations are also made, again in reference to the legal basis: where \u201cspecial categories of data\u201d are processed, indicate one of the conditions set out in art. 9, par. 2 of the Regulation; where data relating to criminal convictions and offences are processed, indicate the specific provisions (national or EU) under which the processing is allowed pursuant to article 10 of the Regulation;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the <strong>categories of data subjects<\/strong> (e.g. customers, suppliers and employees) and the <strong>categories of personal data<\/strong> (e.g. personal details, medical information, biometric data);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the <strong>categories of recipients<\/strong> to whom the data are disclosed (other controllers to whom the data are disclosed, including their category, for example, to social security institutions to fulfil payment obligations). The Data Protection Authority also advises that it would be appropriate to indicate any other persons to whom &#8211; as processors or sub-processors &#8211; the data are disclosed (e.g. to payroll processing companies). This is to ensure that the Controller has knowledge of the number and type of entities to whom data processing operations are assigned;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>any transfer of data to third countries<\/strong>, indicating the Countries\/the Third Parties to which the data are transferred and the safeguards applied in accordance with the Regulation;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the <strong>period for which the personal data are stored<\/strong> (e.g. in the case of employment relationships, the data must be stored for 10 years from the date they were last recorded) and, lastly,\u00a0<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 a <strong>general description of the <\/strong>(technical and organisational) <strong>security measures <\/strong>put in place for each processing operation, including the possibility to reference external documents of a generic nature (e.g. internal procedures) to allow a more comprehensive assessment.<\/p>\n<p>&nbsp;<\/p>\n<p>The Data Protection Authority has reiterated that the Register must be updated <strong>on an ongoing basis<\/strong> so that its contents reflect the actual situation of the processing operations carried out. In essence, any changes must be immediately recorded in the Register and explained.<\/p>\n<p>The <strong>Processor <\/strong>is also required to keep a Register of the processing operations. The Data Protection Authority has clarified that the keeping of such Register must comply with the following:<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if the Processor is acting on behalf of customers who are separate and autonomous controllers (e.g. software house company), the <strong>information<\/strong> set out in article 30(2) of the Regulation must be <strong>recorded in the Register in reference to each of the aforesaid controllers<\/strong>. In this case, the Processor will divide the Register into the same number of sections as the number of autonomous controllers on behalf of which he\/she is acting or, alternatively, a reference can be added, for example, to a customer (controller) information card or database containing a description of the services supplied to them. The customer information cards should in any event contain the information required under article 30(2) of the Regulation;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 having regard to the \u201c<strong><em>record of all categories of processing activities carried out<\/em><\/strong>\u201d, a reference can be made to the <strong>contents of the contract of appointment as processor<\/strong>, which, pursuant to article 28 of the Regulation, should set out, in particular, the nature and purpose of the processing, the type of personal data and categories of data subjects and the duration of the processing;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 likewise, in the case of <strong>sub-processors<\/strong>, the Register of the processing operations carried out by them can specifically reference the contents of the contact entered into between the sub-processor and the Processor pursuant to article 28 of the Regulation.<\/p>\n<p><strong>Data protection impact assessment<\/strong><\/p>\n<p>Measure No. 467 of the Data Protection Authority provides a list of 12 types of processing activities in relation to which a Data Protection Impact Assessment (DPIA) must be carried out. Such requirements are therefore in addition to the provisions contained in article 35 of the Regulation and in the guidelines issued by the WP29 (now European Data Protection Board), as provided in 2017.<\/p>\n<p>The DPIA is a particularly delicate operation in terms of \u201cprivacy compliance\u201d, since it requires the Controller to carefully assess and consider the related technical and organisational measures, which must be able to prevent risks to the rights and freedoms of the natural persons concerned.<\/p>\n<p>In addition to the three examples given in article 35 of the Regulation &#8211; profiling, systematic monitoring of a publicly accessible area on a large scale and processing on a large scale of special categories of data (formerly, \u201csensitive data\u201d) &#8211; there are nine other cases, as listed in the WP29 guidelines, for which the DPIA is mandatory. The Italian Data Protection Authority has provided further clarifications in this respect.<\/p>\n<p>In detail, the Data Protection Authority requires that a DPIA is carried out in advance for the following categories of processing:<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 evaluation-type processing, scoring on a large scale and profiling;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Automated-decision making with legal or similar significant effect for the data subjects (e.g. screening customers of a bank using information obtained from a central credit register);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing that enables the systematic use of data for observation and monitoring purposes (e.g. online or using apps);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>processing on a large scale of strictly personal data<\/strong> (e.g. emails) or which have impacts on fundamental rights (location, which if collected may affect freedom of movement);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>processing in the context of employment relationships, using technological means (e.g. video surveillance or geolocalisation) that enable the remote monitoring of an employee\u2019s activity<\/strong>;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing that involves vulnerable data subjects (minors, people with disabilities, etc.);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing with innovative technologies (IoT or AI);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing that involves the exchange of data between several controllers, on a large scale;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing by means of interconnection or similar methods (e.g. mobile payments);<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 processing of \u201cspecial categories\u201d of data or, in any event, concerning criminal convictions;<\/p>\n<p>&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 systematic processing of biometric data and, lastly, genetic data.<\/p>\n<p>From a \u201ccomparative\u201d perspective, compared to the French Data Protection Authority (CNIL), the Italian Authority does not make specific reference to processing in relation to \u201cwhistleblowing systems\u201d.<\/p>\n<p>It should be noted, however, that the list of the 12 types of processing &#8211; due to be published on the Italian Official Journal &#8211; is not an exhaustive list: while the DPIA is required when at least one of the 9 cases listed in the WP29 guidelines is present, it can (and should) be also carried out whenever deemed necessary by the Controller.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.delucapartners.it\/en\/news\/2018\/effective-from-25-may-the-european-regulation-on-the-protection-of-personal-data-has-entered-in-full-force\/\"><span style=\"margin: 0px; line-height: 107%; font-family: 'Verdana',sans-serif; font-size: 9pt;\"><\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last October, the Data Protection Authority provided a range of significant clarifications on two of the main requirements &#8211; extremely important aspects of accountability &#8211; introduced with European Regulation 679\/2016 on data protection and privacy (\u201cRegulation\u201d): (i)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the Data Processing Register, in response to the FAQs published on 8 October on the Data Protection Authority\u2019s [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[177,190,203],"tags":[869],"class_list":{"0":"post-24179","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-insights","8":"category-practice","9":"tag-garante-en"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts\/24179\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners\" \/>\n<meta property=\"og:description\" content=\"Last October, the Data Protection Authority provided a range of significant clarifications on two of the main requirements &#8211; extremely important aspects of accountability &#8211; introduced with European Regulation 679\/2016 on data protection and privacy (\u201cRegulation\u201d): (i)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the Data Processing Register, in response to the FAQs published on 8 October on the Data Protection Authority\u2019s [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/\" \/>\n<meta property=\"og:site_name\" content=\"De Luca &amp; Partners\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-28T22:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-16T15:14:20+00:00\" \/>\n<meta name=\"author\" content=\"Melismelis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Melismelis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/\"},\"author\":{\"name\":\"Melismelis\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#\\\/schema\\\/person\\\/00d0832a12e3889dce887a31e29d65f8\"},\"headline\":\"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority\",\"datePublished\":\"2018-11-28T22:00:00+00:00\",\"dateModified\":\"2026-02-16T15:14:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/\"},\"wordCount\":1334,\"publisher\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#organization\"},\"keywords\":[\"Garante\"],\"articleSection\":[\"Insights\",\"Insights\",\"Practice\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/\",\"url\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/\",\"name\":\"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#website\"},\"datePublished\":\"2018-11-28T22:00:00+00:00\",\"dateModified\":\"2026-02-16T15:14:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/insights\\\/prassi\\\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/\",\"name\":\"De Luca & Partners\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#organization\",\"name\":\"De Luca & Partners\",\"url\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.delucapartners.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/De-Luca-Partners.png\",\"contentUrl\":\"https:\\\/\\\/www.delucapartners.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/De-Luca-Partners.png\",\"width\":600,\"height\":56,\"caption\":\"De Luca & Partners\"},\"image\":{\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.delucapartners.it\\\/en\\\/#\\\/schema\\\/person\\\/00d0832a12e3889dce887a31e29d65f8\",\"name\":\"Melismelis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g\",\"caption\":\"Melismelis\"},\"sameAs\":[\"https:\\\/\\\/www.delucapartners.it\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts\/24179\/","og_locale":"en_US","og_type":"article","og_title":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners","og_description":"Last October, the Data Protection Authority provided a range of significant clarifications on two of the main requirements &#8211; extremely important aspects of accountability &#8211; introduced with European Regulation 679\/2016 on data protection and privacy (\u201cRegulation\u201d): (i)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 the Data Processing Register, in response to the FAQs published on 8 October on the Data Protection Authority\u2019s [&hellip;]","og_url":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/","og_site_name":"De Luca &amp; Partners","article_published_time":"2018-11-28T22:00:00+00:00","article_modified_time":"2026-02-16T15:14:20+00:00","author":"Melismelis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Melismelis","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/#article","isPartOf":{"@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/"},"author":{"name":"Melismelis","@id":"https:\/\/www.delucapartners.it\/en\/#\/schema\/person\/00d0832a12e3889dce887a31e29d65f8"},"headline":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority","datePublished":"2018-11-28T22:00:00+00:00","dateModified":"2026-02-16T15:14:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/"},"wordCount":1334,"publisher":{"@id":"https:\/\/www.delucapartners.it\/en\/#organization"},"keywords":["Garante"],"articleSection":["Insights","Insights","Practice"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/","url":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/","name":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority - De Luca &amp; Partners","isPartOf":{"@id":"https:\/\/www.delucapartners.it\/en\/#website"},"datePublished":"2018-11-28T22:00:00+00:00","dateModified":"2026-02-16T15:14:20+00:00","breadcrumb":{"@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.delucapartners.it\/en\/insights\/prassi\/data-processing-register-and-impact-assessment-clarifications-provided-by-the-data-protection-authority\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.delucapartners.it\/en\/"},{"@type":"ListItem","position":2,"name":"Data Processing Register and Impact Assessment: clarifications provided by the Data Protection Authority"}]},{"@type":"WebSite","@id":"https:\/\/www.delucapartners.it\/en\/#website","url":"https:\/\/www.delucapartners.it\/en\/","name":"De Luca & Partners","description":"","publisher":{"@id":"https:\/\/www.delucapartners.it\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.delucapartners.it\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.delucapartners.it\/en\/#organization","name":"De Luca & Partners","url":"https:\/\/www.delucapartners.it\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.delucapartners.it\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.delucapartners.it\/wp-content\/uploads\/2026\/01\/De-Luca-Partners.png","contentUrl":"https:\/\/www.delucapartners.it\/wp-content\/uploads\/2026\/01\/De-Luca-Partners.png","width":600,"height":56,"caption":"De Luca & Partners"},"image":{"@id":"https:\/\/www.delucapartners.it\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.delucapartners.it\/en\/#\/schema\/person\/00d0832a12e3889dce887a31e29d65f8","name":"Melismelis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/abc81b0c708aea145c773c368ae5bc3f1f3fd0d40a61429cb96d09523d41ab66?s=96&d=mm&r=g","caption":"Melismelis"},"sameAs":["https:\/\/www.delucapartners.it"]}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts\/24179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/comments?post=24179"}],"version-history":[{"count":1,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts\/24179\/revisions"}],"predecessor-version":[{"id":24180,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/posts\/24179\/revisions\/24180"}],"wp:attachment":[{"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/media?parent=24179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/categories?post=24179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.delucapartners.it\/en\/wp-json\/wp\/v2\/tags?post=24179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}