Strategic meetings scheduled starting in June

Background information/Scenario

In view of the application of the General Data Protection Regulation (“GDPR”) - scheduled for 25 May 2018 - the Italian DPA (“Garante”) announced in its last Newsletter the launch of a number of initiatives aimed at both providing useful information to public and private entities and at facilitating the process of adjustment to the new standards.

Main issues

It is worth stressing that just a few days ago, on May 25th, the Garante sent letters to the heads of the central government, to the public bodies, the Regions, the autonomous Provinces, and to other representative bodies announcing an operational plan providing for a series of meetings. Three meetings will be held within the next month and will entail a first confrontation with the public entities. The public bodies will be asked to illustrate which actions they have already implemented and possible needs for clarification. Furthermore, the meeting will be aimed at sharing in-depth studies and reflections from public stakeholders.

The meetings will be followed by additional gatherings from October, in which the Garante will provide guidelines and will provide support in the GDPR implementation process. The Garante will guide the participant entities in the identification of the most effective solutions for a proper transition to the new rules.

Particularly interesting for the business world is the fact that similar collaborative initiatives have been launched with regard to industry groups, namely Abi, Ania and Confindustria. The Garante is working on defining a timetable of meetings with such stakeholders. The presented process leaves room for further encounters between the Garante and businesses, which gives the private sector a unique opportunity to participate in the debate.

Practical actions

Companies should consider these initiatives as an occasion to monitor the process of guideline definition by the Garante in view of the application of the new regulatory framework. The Garante is indeed actively contributing, in synergy with other European data protection authorities, to the establishment of guidelines in order to facilitate the implementation of the innovations introduced by the GDPR. The Garante has already published the translations of the Article 29 Working Party’s Guidelines on Data Protection Officer (“Linee guida sul Responsabile della protezione dati”) and on the Right to Data Portability on its website together with its own EU Application Guide. In the coming months, the support work to the GDPR implementation process is expected to continue with the elaboration of additional guidance documents.

The private sector should play a pivotal role in orienting such developments by taking part in the above-mentioned meetings. In this way companies are able to gain two considerable advantages:

  • They would receive valuable guidance for the adoption of the new data protection regulatory framework;
  • They would have the opportunity to shape the process of definition and interpretation of the new obligations they will have to comply with in less than a year from now.