On 25 May, 2018, the European Regulation on the protection of personal data will become fully operative. The Regulation has the primary goal of harmonizing the protection system in terms of privacy at the European level, focusing on the concept of accountability of the Data Controller (in this case, the individual company). This concept entails that the Data Controller shall be able to demonstrate the practical implementation of the measures aimed at ensuring the application of the Regulation. Therefore, the Organization, Management and Control Models, as an integral part of the corporate prevention system, will have to be updated to be in compliance with the European regulations. This both in terms of identifying the high-risk areas and of adopting the procedures/protocols that can ensure exemption from administrative liability. During the process of alignment to the rules established by the Regulation, it will be necessary to keep into account that the applicable penalties may reach up to 4% of the global turnover generated by the Company in the previous year.