Dossier, snooping and abusive access to personal data
News reports of the last few weeks in Italy have brought to everyone's attention the risk that bank account details and much other data and information on individuals may be abusively acquired and used for illicit purposes.
We live in an era in which IT and the computerisation of all human activities have become pervasive and essential to their performance. However, the legislator is not standing still: as of 16th October 2024, Legislative Decree No. 138/2024, which transposed European Directive 2555 of 2022, came into force in Italy.
This regulation sits alongside the data protection regulation, with which it should not be confused.
This regulation stipulates that companies and entities in many economic sectors, including, but not limited to, banking, transport, energy, food, motor vehicle and transport equipment manufacturing, electronic equipment manufacturing, as well as regional and municipal administrations, must take a whole series of measures to implement so-called ‘cyber security’.
The purpose of the regulation is, on the one hand, to prevent unauthorised third parties from unlawfully collecting and acquiring information and data and, on the other hand, to ensure the continuity of operations of all these entities.
What must companies and organisations actually do?
- adopt risk management, IT security, and technical and organisational measures;
- register on the digital platform, made available to the authorities from 1st January to 28th February each year;
- notify the authorities of any technical failures within 24 hours.
Further implementation rules will follow by early next year.
And now the question: is the company or public body where you work getting ready for it?
Last update: November 2024