GDPR, from theory to practice!
How should the policy be written and what should I write?
What information should I report in the register of processing operations? Who is the DPO and how is it designated?
These are just a few questions that the GDPR workshop held by Assintel tried to answer. The first to speak was the Italian Data Protection Authority who introduced the norm, stressing the importance of awareness of the Gdpr, while Colonel Menegazzo illustrated the role of the Italian financial police, the inspection activity and GDPR sanctions that can reach up to € 20,000,000 because of illicit treatment, communication and distribution of data, fraudulent acquisition of personal data, non-compliance with provisions and false declarations to the Data Protection Authority.
In addition, the Colonel focused on the importance of accountability, which we could think of a circular process that starts from lawfulness, correctness and transparency of data, passing through limitations of the purposes, minimization of data, accuracy, limitation of conservation, integrity and confidentiality, finally returning to lawfulness, correctness and transparency. Always linked to accountability there is the compliance aspect, which it is not enough to respect the normative requirements, since it is necessary to be able to prove it.