All legal entities offering information on the reliability of commercial entrepreneurs and managers will have to collect data only from public sources or directly from the data subject. The dossier must be updated and the data retention must have clear time limits. Companies are required to adopt appropriate measures in order to ensure security, integrity and confidentiality of the commercial information.

All entities offering information on the reliability of commercial entrepreneurs and managers will have to collect data only from public sources or directly from the data subject. The dossier must be updated and the data retention must have clear time limits. Companies are required to adopt appropriate measures in order to ensure security, integrity and confidentiality of the commercial information.

In all cases where the data are not directly provided from the data subject, the company will have to always declare the source of the personal data acquired.

All companies will have to publish a full privacy statement, at least on the own website. Those with a turnover of more than 300,000 Euros (in this field of activity) will have to put in place together a unique portal where insert the communications concerning the activities of commercial information.

Furthermore, the companies are also required to provide full and timely replies via e-mail to the questions on privacy made by the data subjects.

The companies will have to comply with the new measures within October 1, 2016, when the Code of conduct will enter into force.