On 25 May 2018, the European Regulation on the protection of personal data has entered into full force in each member state of the European Union (including Italy). Among the major changes there are: focus on the accountability of the data controllers and data processors, the introduction of the Data Protection Officer (so-called DPO) as well as the obligation to (i) perform, at the occurrence of specific circumstances, an impact assessment; (ii) notify the Data Protection Authority and notify the data subject in the case of “data breach” and (iii) keep a Data Processing Record. The penalties for those failing to comply with the Regulation can reach up to 4% of the overall annual turnover related to the previous fiscal year.