With the Observatory data protection, House of Data Imperiali realizes periodical researches and insights, useful to companies, professional offices, institutions, to orient themselves in the world of privacy.

For those in the data business, 2020 was supposed to be the usual tumultuous year in which to analyze new databreach, decisions, and measures that actually happened. But Covid-19 has turned the agenda on its head.

An initial review of data protection one year after the introduction of the GDPR. Analysis, data and perspectives of a new legal era ushered in with the introduction of the GDPR.

2018 is the year of consolidation of the discipline of personal data protection and the free movement of information. Along with the well-known GDPR, within the EU, Directive 2016/680 on the use of personal data in criminal matters and Regulation 2018/1725 on the processing of personal data by EU institutions came into force; in parallel, the Union also approved Regulation 2018/1807 on a framework applicable to the free movement of non-personal data in the European Union, i.e., the other side of the coin of the data world.

2017 is the year marked by the launch of the so-called GDPR compliance programs, i.e. initiatives to enable companies to adapt to the new requirements of the Regulation and, therefore, to be GDPR compliant. The panorama offered by the market has been very varied and the two years offered by the EU legislator as a transition period to be used for compliance programs have not been used in the best way.

The year 2016 was full of news in the field of general information regulation; special mention should be made of the regulation on the processing of personal data, following the approval of the EU reform package, which has been awaited for more than four years.

2015 was the year of regulatory reforms in the broader field of information management.

The podium must certainly be awarded to the European data protection reform package, which crossed the finish line in the very last weeks of the year.

The year 2014, in the areas involving information, was characterized in the field of “privacy” by the monitoring of the developments of the EU reform package on the protection of personal data, in terms of 231, by the further enlargement of the predicate offenses and, in areas contiguous to these two strands, by the consolidation of legislation on anti-corruption and transparency, both in the public and para-public spheres.

It was 2006 when we decided to set up an online editorial service via email that would periodically explore the issues related to information management in the broadest sense. The analysis profile was always the one of greatest interest according to the companies’ perspective, since the initiative aimed at helping companies in the difficult path of interpreting our legislation.

Almost a quarter of a century has passed since I took part in the launching of a collective research project aimed at verifying the tightness of the statutory provisions of articles 4 (remote controls) and 8 (investigations on opinions) in relation to the advent of new information technologies.

The occasion, even before the irreplaceable scientific opportunity, brings to my mind the comparisons I had with Massimo d’Antona to whom, first of all, my thoughts go.

“This commentary on the legislation for the protection of personal data was born a year ago, from a bet of the Publisher (who inaugurated a series) and of the Authors (who invested important resources of time and passion in a great work). Beyond the best expectations, it has achieved remarkable results in terms of both public approval and sales.”

The work of the OECD, which ended in 1980 with the issuing of a number of guidelines, is still an undisputed reference point. The OECD understood that, in an increasingly global and technological scenario, information would become a primary element. For the individual, it is an asset to be protected, for the company, an asset in which to invest, and for the public administration, a further “opportunity” to regain credibility.

The enactment of law no. 675/1996 (better known as the “privacy law”), which introduced into our legal system the protection of individuals with regard to the processing of personal data, has provoked a lively debate in public opinion and among legal operators regarding the limits and extension of the right to privacy of personal data. The immediate necessity for companies and enterprises to have an operative instrument for the management of “privacy”, together with the numerous, significant pronouncements of the Guarantor on the subject, has led to the realization of this handbook, which is mainly addressed to those who process personal data in companies.

After years of debates and a long parliamentary gestation, the law 675/1996 has finally seen the light. This law regulates the protection of people and other subjects regarding the treatment of personal data. In this way, our country, the first in the European Union, implements Community Directive 95/46. In this way, the Agreement on the freedom of movement of persons within the so-called “Schengen area” can become operative.