THANK YOU FOR SUBSCRIBING
Data Protection In The New Digital Age
Dr Laura Quaroni, Head Of Privacy & Security, Banca Ifis
The financial sector is undergoing rapid and continuous change, accelerated by new technologies and digital innovations that offer opportunities but also risks, the consequences of which can severely impact all those involved. For this reason, it is essential to adopt security measures and adequate regulatory safeguards (GDPR and others).
Supervision of Cyber Security and Data Protection is vital in order to protect organisations against any negative impacts and the repercussions from compliance with regulations, laws and contractual requirements.
This demands a risk-based approach and the definition of security and data protection measures, which are already being drawn up (security by design, privacy by design).
With the entry into force of the GDPR, concepts such as privacy by design and by default have played a central role in the implementation of personal data protection in companies and organisations, taking a circular approach that governs aspects of privacy right from the initial planning.
Article 25 of the GDPR, in particular, introduces the principle of privacy by design and privacy by default, an innovative conceptual approach that obliges companies, when launching a project, to furnish the tools and the proper personal data safeguards from the outset.
Furthermore, the risk-based approach introduced by the GDPR imposes a requirement for greater awareness of the fact that whoever acts as a Data Controller of personal data exposes data subjects (customers, employees, etc.) to potential risks. This must be regarded as the starting point when applying the principles and safeguards laid down by the legislation. Some of these, such as accountability, privacy by design and by default, as mentioned above, can only be helpful to Data Controllers in adopting appropriate measures and precautions.
It should be noted that the GDPR also lays down a fundamental principle, that of accountability, which requires organizations to implement appropriate technical and organisational measures. They must also be ready give evidence of these measures and their effectiveness when called upon to do so.
Banca Ifis is fully aware of the importance of embedding information security and data protection as the basis of the digitisation project and, for this reason, our privacy and cyber security specialists are constantly engaged in implementing all the necessary measures
In line with the Industrial Plan 2022- 2024 "D.O.E.S", Banca Ifis has accelerated the digitisation process and this has inevitably brought with it an increase in the amount of data and information that needs to be stored and managed, demanding a strict approach to security and data protection. The more the business operates digitally, which is the current trend today and not only in the finance sector, the more it becomes necessary to prevent risks rather than waiting for emergencies before dealing with them.
With the attention to the regulations that mark it out, the Bank’s digitisation process sees data protection legislation as an enabling factor in attaining its goals, fully aware of the quality of its customer management and, at the same time, regarding regulatory compliance as an opportunity to proceed safely and successfully by taking account of this at the very beginning of company projects. Banca Ifis is fully aware of the importance of embedding information security and data protection as the basis of the digitisation project and, for this reason, our privacy and cyber security specialists are constantly engaged in implementing all the necessary measures.
The adaptation to legislation in general, and the GDPR in particular, is seen as an opportunity for Banca If is: greater transparency towards all its stakeholders, greater protection of the data at the heart of every business, greater trust on the part of the customer.