


Italian Data Protection Authority publishes its inspection plan


On February 6th, the Italian Data Protection Authority published its inspection plan for the dawn raids to be carried out in the first half of the year (January-June 2020).

To better prepare for and manage the inspections, it will be necessary to have a procedure for the inspections and a checklist of the main controls, in particular: evidence of the assessments carried out; the list of technical and organizational measures adopted, including the organizational model; privacy notices, consents and related evidence on the systems; marketing procedures; cyber security measures; NIS and cybersecurity protocols; and ISO certification, with reference to the specific industry area. All of these elements, combined with a systematic monitoring plan, will help clients and their DPOs to better target the inspection activities.

The inspections, led by the Italian Data Protection Authority's Cabinet, including through the Italian Guardia di Finanza, will focus on:


  • Checking public and private entities belonging to homogeneous categories for compliance with the requirements for lawful processing and the conditions for consent (where the processing is based on consent), with the information obligation and with the data retention period. These checks will pay specific attention to the substantive aspects of processing activities that have effects on data subjects;
  • Carrying out assessments of general interest for categories of data subjects, relating to personal data processing carried out:
      • By multinational companies in the pharmaceutical and health industry, concerning special categories of data;
      • By public entities in the so-called initiative medicine;
      • Through application systems used to report unlawful conduct (whistleblowing);
      • By companies for marketing purposes;
      • Within online banking services;
      • By intermediaries for e-invoicing;
      • By public entities when releasing civil status records and certificates by accessing the ANPR system;
      • By private companies and public entities in the management and recording of phone calls in the call center field;
      • By companies, with special reference to the profiling of data subjects who sign up for loyalty programs;
      • By companies operating in the “Food Delivery” industry;
      • By private companies in the field of reputational banks;
  • Data breaches.

CONTACT


Nadia Martini

Lawyer

Partner

+39 02 6328 841
