GDPR, what is it?
The EU Regulation 679/2016 on Privacy, approved on 14 April 2016 by the European Parliament and in force since 25 May 2018, replaces the previous Privacy Code of 2003.
The GDPR, the English acronym for General Data Protection Regulation, is a law that finally applies with the same text in all EU countries and guarantees all European citizens the same rules for the protection of privacy.
The GDPR was designed to strengthen citizens’ rights regarding the processing of their personal data. It puts privacy first and provides for every form of protection, defense and possible compensation for damage suffered, in a society in which everyone’s data is requested, processed and transmitted in a great many operations and transactions.
The GDPR makes clear the fundamental elements of the “privacy issue”, that is, the elements on which the Law is based, which is now the same throughout Europe.
Citizens’ rights regarding privacy
The first element that characterizes the most modern management of privacy is the clear definition of the Citizen’s rights to the protection and management of their personal data. It clearly indicates the rights that every citizen enjoys and can assert at any time and against any public or private entity, excluding cases of judicial activity. They are:
- request confirmation of the existence or otherwise of personal data;
- obtain information about the purposes of the processing, the categories of personal data, recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the retention period;
- obtain the correction and/or cancellation of data;
- obtain limitation of the processing;
- obtain data portability, i.e. receive the data from the Data Controller or the Data Processor in a structured, commonly used and machine-readable format, and transmit it to another data controller without hindrance;
- object to the processing at any time, including processing for direct marketing purposes;
- object to an automated decision-making process for the processing of their data.
The law makes very clear the principle that a Citizen who is asked for personal data must give consent to its use and, to be able to do so, must be correctly informed of the purposes for which the data is required. Consent must be requested through systems that guarantee “the expression of a free, specific, informed and unequivocal will of the interested party, with which he expresses his own assent”. Personal data must be requested through a procedure that leaves the Citizen in no doubt about who will use it, for what purpose and for how long. This defends the individual’s right to consider the data an integral part of their personality: the Citizen can make whatever use of the data they wish and protect it from uses not to their liking.
The processing of personal data
The Law clearly indicates which subjects may, once consent has been received, process the data of the Citizens who provided it.
- The first figure is the owner (the Data Controller), the subject who requests the data and collects the consent. It is also the subject, natural or legal person, against whom the previously mentioned Rights can be asserted;
- Then there is the Manager (the Data Processor), the natural or legal person who manages the data on behalf of the Data Controller;
- Finally, the law introduces the figure of the DPO (Data Protection Officer), who is appointed by the owner, acts autonomously and works on the constant protection of data through the establishment of security systems and constant monitoring.
The law regulates the transfer of data both in Italy and in EU countries, aiming to regulate it clearly and to facilitate it through some key principles. A series of stringent rules is also established for the transfer of data to countries outside the EU, to prevent data from following routes not covered by legislation.
The Law is developed according to the general principles of Quality Certification, i.e. trying to ensure that the entire data path is traceable and that all current safety regulations are applied along the entire supply chain, up to the deletion of the data from the systems. Quality is also expressed by ensuring, through appropriate procedures and staff training, that all operators are experts in data processing, with adequate information on the purposes of their work and adequate, up-to-date training.
What GARANTEASY does to protect your data – Privacy by Design
The GDPR introduces the principle of Privacy by design, i.e. building the data management system into the construction of the Company’s operating system. Garanteasy has designed its own management system based on responsibility for the user’s data, requiring only the minimum data essential for the performance of the Service. The System is the result of long work carried out from the beginning on the basis of the GDPR principles, applying all the security measures provided for, as well as other technological systems able to guarantee safety and full respect of the objectives of the System and of what is foreseen by the Law. On privacy matters, Garanteasy acts under the control of the Privacy Guarantor, to which it reports any change in the system.
Garanteasy guarantees and supports all its Users in the exercise of their rights, does not carry out direct marketing or any profiling of the data in its possession, and does not transfer data abroad except within the EU and exclusively for service reasons.