The European Regulation on the protection of natural persons with regard to the processing of personal data has abolished the minimum security measures that were at the basis of the “privacy policy” system and listed in Annex B of Legislative Decree No. 196/03. Pursuant to Article 32 of the Regulation, in fact, the Data Controller and Processor – taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing – must implement suitable measures to “guarantee a level of security appropriate to the risk”. This is because the Data Controller and Processor must be able to guarantee and demonstrate that they have done everything possible to limit the occurrence of a risk, in compliance with the principle of “accountability”, which leaves them full freedom to identify the appropriate technical and organisational measures. To this end, neither the Data Controller nor the Data Processor can do without a gap analysis and a risk assessment, that is, a preliminary assessment of the various risks. Should there be a risk of negative impact on the rights and fundamental freedoms of the data subject, this risk must be analysed through a specific evaluation process (e.g. impact assessment). In this sense, on the basis of the foregoing, the protocols relating to the Special Part of Model 231 on IT crimes must be kept updated, also in order to be able to demonstrate the status of compliance with the European data protection regulation.
Alberto De Luca will participate in the round-table discussion organized on the occasion of the HR FORUM “Le Fonti”, scheduled for 31 May, to deepen the knowledge of the impact on companies and employees brought about by the New European Regulation for the processing of personal data.
In particular, Mr De Luca’s attention will be focussed on the impact that the privacy regulation is having on corporate compliance, taking account of the impact on both organisation, management and control models, and the new legislation on whistleblowing. He will also reflect on what must be a balance of interests in this regard between the reporting person’s right to anonymity and the implicated person’s right not to have his data processed without his consent.
The De Luca & Partners law firm has launched a prize for the most responsible companies in terms of employment and human resources, with these issues considered strategic levers for businesses. Candidacies to be submitted by 31 July. The director of ETicaNews will also sit on the panel of judges.
Normally, it is law firms who contribute towards awarding prizes. This time, the roles have been reversed. And it is significant that this inversion concerns an aspect of CSR. Over the last few days, De Luca & Partners, specialised in employment law and industrial relations, launched the first edition of the Excellence & Innovation HR Award, a reward for the most responsible companies.
Candidacies, which must be submitted no later than 31 July 2018 following the instructions detailed on the official HR Award site, will be assessed according to a series of criteria:
• the ability to promote competitiveness and productivity;
• the ability to promote social cohesion and resolve conflicts;
• the ability to pursue the development and wellbeing of the individual;
• wide vision and capacity;
• inclusivity.
The short-list of finalists will be announced by 30 November 2018 and the award ceremony will take place in December through a dedicated event.
Vittorio De Luca in this interview (in English) explains the major advantages related to the world of work in Lombardy for foreign investors interested in accessing the region. Flexibility for businesses, new tools for the resolution of conflicts, and better foreseeability of the costs of “separating” company and employee are some of the advantages in an area of the Country that excels for its productivity and the high quality of its human capital.
In fact, 2017 has been a positive year for the Lombardy-region economy: its overall growth, along with the improvement of the labour market, led to an increase in employment and a reduction of the unemployment rate. The data show that employment levels increased by 1.3% compared to the previous year, pushed by the service sector (+4.1%, 116,000 new employees), women (+2.6%, 47,000 women workers) and fixed-term contracts.
The interview with Mr. Vittorio De Luca took place as part of the initiative “Why invest in Lombardy #AskOurPartner” by Invest in Lombardy, a service dedicated to the promotion of foreign investments managed by Promos (a Special Agency of the Chamber of Commerce of Milan, Monza, Brianza and Lodi), promoted by Unioncamere Lombardia and supported by Regione Lombardia.
The European Regulation on the Protection of Personal Data is entering into force.
Starting from 25 May 2018, the European Regulation will be fully operative, introducing many new developments on the matter of privacy that companies will have to deal with on a daily basis. First of all, the accountability principle is introduced: more freedom for Data Controllers and Data Processors in the choice of the measures to be adopted but also greater responsibility, especially in view of the penalties established to protect compliance with the Regulation, which have become more severe. Second, the new Regulation redefines its territorial scope of application: in fact, companies outside Europe but processing personal data of parties located within the European Union will also be subject to the application of the Regulation. In addition, the methods by which data are transmitted outside the European Union are carefully regulated. The new legislation, in addition to reaffirming some fundamental rights already known, establishes new ones, such as the so-called right to data portability and the so-called right to be forgotten which, although already known in practice, has been officially regulated for the first time. Another new aspect, which was much discussed, is the mandatory appointment, under certain conditions, of a Data Protection Officer (DPO) tasked with supervising the correctness of the fulfilments in this regard and with acting as a point of contact between the various parties involved (Data Controller, Data Subjects, and Supervisory Authorities). Moreover, again in order to strengthen compliance with the Regulation, if data processing may put at risk the rights of Data Subjects, the Data Controller, prior to processing the data, shall carry out a potential impact assessment (PIA), focused on the analysis of the probability and severity of the risk. Furthermore, under the Regulation, the system of notifications and communications of possible violations of personal data (so-called Data Breach) is well regulated.
In short, the Regulation represents a clear response by the European legislator to the evolution that the concept of “privacy” is undergoing, especially in light of the ongoing industrial revolution. It will, however, have to deal with the legal institutions existing in our system, first of all art. 4 of the Workers’ Statute and Whistleblowing Law 179/2017.