To unify and strengthen the enforcement of the rules protecting the personal data of EU citizens, the European Commission adopted the General Data Protection Regulation (EU 2016/679).
The Regulation entered into force on 25 May 2016 for all European Union States, Italy included, and it will apply from 25 May 2018 onwards, after a two-year transition period, which is the time needed for companies to adapt to the requirements set out in the Regulation.
Hence, all organizations that collect, manage and use personal information (almost every company and public administration) have to comply with the new rules to ensure a higher level of protection of privacy rights.
Because of the possible sanctions, and the compensation that citizens can request in case of data breaches, companies are carefully examining the impact of GDPR on their existing personal data protection processes: the numerous rules are not easy to apply and can require large and costly interventions on software and on data.
In addition, complying with the new rules is becoming even more complicated with new scenarios, like the Internet of Things, that involve data attributable to users (e.g. the case of "wearables").
To comply with the Regulation, it is first necessary to understand which data have to be brought into full compliance with the new rules, in order to examine vulnerabilities and risk mitigation actions. Furthermore, the DPO (Data Protection Officer) will require new data management skills on the IT side to monitor, to enforce the rules and to report conformity with GDPR to the supervisory authority.
In particular, given the increased documentation and classification requirements, it is necessary to know exactly where personal data are stored, especially data in unstructured formats (documents, emails, presentations and spreadsheets). This is fundamental to protect those data, to minimize data retention and to manage possible requests for correction and deletion (e.g. to satisfy the right to be forgotten).
Nodes is a Data Centric Company whose core business is to extract value from data to support business processes. Nodes proposes a series of interventions using leading Data Governance technologies. These allow clients to respond to the challenge posed by GDPR by identifying possible exposures and by activating procedures in time to mitigate the potential risk and all the connected consequences: