Is compliance with the regulations, therefore, aimed exclusively at avoiding controls and penalties?
Are the risks of inspection real?
Now that the eight months during which the Italian Privacy Authority made allowance for the regulation's entry-into-force phase have passed, compliance with the prescriptions set out by the regulation and by the Italian implementing regulation (Legislative Decree 101/2018) is of primary importance in order to avoid significant corrective measures (for example, mandatory security measures to be implemented where processing is carried out, whether in physical locations or on IT equipment, the appointment of a DPO, or a limitation of the data to which individual employees can have access), sanctions (up to 2/4% of annual revenue and 10/20 million euros) or disqualifications (deletion of data or interruption of the processing).
The Italian Privacy Authority's action focuses on certain priority areas selected every six months, but it is not conducted exclusively of its own motion, whether throughout a certain area or by sample. It may also originate from requests by interested parties, started through claims, complaints or even mere reports; it may follow a loss of data or data breach (to be reported within 72 hours to the Italian Privacy Authority, highlighting all the measures taken to prevent this possibility); or it may result from the exercise of the data subject's rights, where the controller or processor has not acted upon them.