The deadline is getting closer and closer: the General Data Protection Regulation will enter into force on 25 May all over Europe.

That is why you should know what you are going to encounter and act accordingly. Any violation of privacy and data security by companies, online sales activities, freelancers and other entities will be punished with penalties that in some cases can be heavy, reaching, in the most serious cases, the astronomical figure of 20 million euros or 4% of the turnover for a whole year.

Sure, you have to commit serious crimes to be penalized in this way, but even without looking at extreme situations, ending up in the sights of the Guarantor is a far from remote eventuality. We at Innovando have followed the evolution of the GDPR right from the start and have come to the conclusion that complying is a duty towards the public and potential customers, but also a long-term investment to avoid nasty surprises.

So in this editorial let's shed light on the GDPR and define an action strategy valid at a community level. As always, let's start with the basics: GDPR stands for General Data Protection Regulation and indicates the new regulation of the European Union (specifically No 2016/679), intended to update a scenario considered fragmented, obsolete and in many cases ambiguous. The GDPR operates like a sort of sponge, replacing all the regulations present in individual states, including Switzerland. But why does Switzerland also have to comply with the conditions set by the GDPR? The answer to this question allows us to understand more precisely the scope of this regulation, since it concerns all those who collect, manage, transfer or analyze the data of EU citizens through software. And here is the central point: as long as your site integrates a system such as Google Analytics, Pushcrew, Facebook Pixel and so on, a visit from a user in Germany or Italy risks turning into an unwitting violation of the law!

FROM THE COOKIE POLICY AND PRIVACY POLICY TO THE CONCEPT OF COMPLIANCE

Nowadays, the legislation provides that every website, e-commerce site, landing page, blog, portal or magazine must clearly state its cookie policy and privacy policy. These two tools, starting from 25 May, will be "incorporated" by the new GDPR, so in fact they will have to be enriched and reworked in compliance with the provisions of the regulation. The direction in which small, medium and above all large companies will have to move goes by the name of compliance, an already current concept which, however, had never involved the privacy issue in such a profound way. From now on, on the contrary, compliance will have to enter the business agenda, in particular with the introduction of the Data Protection Officer (or DPO). This is essentially the new data protection manager, in charge of monitoring and safeguarding the wealth of data collected over the years by the company through emails, online sales, profiling, competitions, etc. It is a figure still being defined, which will be decisive for protecting your data with maximum security and professionalism.

HOW AND WHEN TO MOVE TO BE IN COMPLIANCE WITH THE GDPR

No doubt the administrative burden imposed by the new regulation is heavy, especially for companies that never prepared in advance and are now suddenly faced with the amount of work and updates required by the European Union. Indeed, there has been no shortage of critical voices, especially as the complexity of the GDPR creates some gray areas that remain such even after a more careful analysis. So should we fear the worst right away? Not really: in France and in all probability in other European countries there has been talk for some time of a grace period of 6 months or more during which the Guarantor will not take measures except for violations that already existed before the entry into force of the regulation. On the other hand, it is important not to put it off longer than necessary and to protect yourself no later than 24 May 2018. How?

The best solution is to contact a competent lawyer, preferably one already involved in other projects. A qualified specialist who knows the company's critical issues in advance will be able to follow the company in the process of adapting to the GDPR, customizing the data management, collection and use strategy based on the operations carried out by the set of plug-ins, software, IT platforms and systems in use. Alternatively, it is possible to rely on online services of proven reliability, developed to support the customer in fulfilling the established obligations. Among the best known of these services is Iubenda, for some years now a leader in the sector of privacy and cookie policy generators, whose product offering now includes a complete suite to guarantee compliance with the GDPR. There is no shortage of lesser known but equally valid services such as Nibirumail, capable of ensuring a user experience that lives up to expectations.

AND WHAT ABOUT OUR CUSTOMERS? DON'T PANIC!

At this point, the customers who read us and the people who, for one reason or another, may need us, will be wondering how we intend to move so as not to miss the appointment with the GDPR. Although Innovando is not a law firm but a web agency expert in communication, we are first and foremost interested in assisting the customer by illustrating, through a dedicated consultancy, the options to consider in order not to take risks. Anyone who has already been followed by our agency will be able to receive information and technical help and consequently decide the timing, methods and budget to invest. We are available to collect feedback, requests and any other kind of contact and to answer questions with the professionalism that has always distinguished us.