On the 25th of May, the “General Data Protection Regulation”, also known as “EU 2016/679 Regulation” or “GDPR”, became effective.
The text of the regulation was published in the European Official Journal on the 4th of May 2016 and entered into force on the 25th of May of the same year. Companies were then given two years to take in the content of the regulation and gradually reach compliance, due by the 25th of May 2018.
The regulation is composed of a premise and 99 articles subdivided into 11 sections.
The main objective of the regulation is to safeguard the individual by protecting their personal data. Therefore the one true subject to be protected is data associated with people.
The evolution of information technology in recent years has enabled the creation of an interconnected world through the Internet, and the possibility of exchanging massive amounts of information. Today data about people has, in certain cases, become a “commercial product” aimed at commercial campaigns.
The new regulation is an initiative of the European Parliament that sits alongside the already existing laws and aims to raise awareness among companies by introducing new concepts regarding responsibility.
It’s important to keep in mind that a European regulation is a legislative act promoted by the European Union that becomes law immediately in every Member State. In other words, a European Union Member State cannot decide not to comply.
Many articles start by citing the sanctions that companies might face in case of non-fulfilment, like 4% of total annual earnings or 20 million Euros. It’s important to understand the essence of the new regulation rather than simply adapting to it in order to avoid a fine.
The word “Privacy” might not be mentioned in the 99 articles of the new regulation.
It’s also true, though, that the term “privacy” has been used significantly more in recent years and is the concept most frequently associated with the GDPR.
It’s important to remember that the GDPR is a regulation aimed at protecting personal data and regulating its use.
“Privacy” is the right of every individual to decide which information from their personal sphere they want to make known to others.
When a person communicates their food intolerances or their religious belief to the company in which they work, there is no privacy violation if this information is used to decide which ingredients will be used in the workplace canteen.
The important part is that the person has to give their agreement after being informed of the reason for which the company has asked for that information.
Obviously, if one’s religious belief were then used by the HR office to make discriminatory choices, there would be a breach of the GDPR.
Often people tend to associate the word privacy with the GDPR because, in fact, a person will have a better guarantee of not being discriminated against, of not being contacted for promotional purposes and of not having to remember when and why they gave their consent.
One of the fundamental aspects of the regulation is the obligation to educate and raise awareness among the workers responsible for data processing, as established by Art. 39, “Tasks of the data protection officer”.
From these topics stems Aglea’s idea to create an e-learning course on the GDPR.
The content of the course is made up of six main pillars; here is the program:
Blog post originally translated from