Light pills on the new EU Data Protection Regulation.

Last May 4th, the new “EU Data Protection Regulation” was adopted, replacing the EU Directive 95/46 and the Italian Data Protection Code (leg. decree no. 196/2003).

On one side, the purpose is to level out the differing data protection rules of the EU member states by adopting a regulation, which applies directly in all EU countries, unlike a directive, which only sets out rules for each country to transpose as it deems appropriate.

On the other side, the Regulation introduces new principles, such as “Privacy by design” and “Privacy by default”.

What?

“Privacy by design” means the duty to protect data starting from the design stage, when an industrial process is set up. The Data Controller shall evaluate the relevant risks for each data processing operation and then adopt the necessary preventive measures to protect data and ensure respect for privacy principles.

“Privacy by default” means that personal data shall be processed only in so far as they are deemed necessary for each specific purpose of the processing.

As concerns users, the following rights will be ensured: the right to oblivion, i.e. the right to obtain the deletion of data that no longer need to be held for the purposes for which they were processed; and the right to portability, i.e. the right to ask an entity to deliver one's own data in order to transfer them to another entity, rapidly and without obstacles of any sort.

At the moment, talking about the effects of the new Regulation is likely to be hard. For sure, the Data Protection Authority will have a main role over the following two years in clarifying what the correct scope of the new provision should be and how to comply with it, in a world that is increasingly globalized, open, digitalized and, hopefully, (data) protected as well!