Italy EPP

Salvatore Iacolino

Country: Italy
Group: European People's Party (EPP)
Party: Il Popolo della Libertà (PDL)

Vice-Chair of Civil Liberties, Justice and Home Affairs
Substitute of International Trade

Overview Salvatore Iacolino

Amendments: 20
...stronger: 0
...weaker: 18
...neutral: 2

Amendments by Salvatore Iacolino

(12) The protection afforded by this Regulation concerns natural persons, whatever their nationality or place of residence, in relation to the processing of personal data. With regard to the processing of data which concern legal persons and in particular undertakings established as legal personsenterprises, pursuant to Article 4(15) of this Regulation, including the name and the form of the legal person and the contact details of the legal person, the protection of this Regulation should not be claimed by any person. This should also apply where the name of the legal person enterprise contains the names of one or more natural persons.
 
(34) Consent should not provide a valid legal ground for the processing of personal data, where there is a clear imbalance between the data subject and the controller. This is especially the case where the data subject is in a situation of dependence from the controller, among others, where personal data are processed by the employer of employees’ personal data in the employment context. Where the controller is a public authority, there would be an imbalance only in the specific data processing operations where the public authority can impose an obligation by virtue of its relevant public powers and the consent cannot be deemed as freely given, taking into account the interest of the data subject.
 
1. This Regulation applies – without any discrimination over the methods used – to the processing of personal data wholly or partly by automated means, and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
 
(c) adequate, relevant, and limitedproportionate to the minimum necessary in relation to the purposes for which they are processed; they shall only be processed if, and as long as, the purposes could not be fulfilled by processing information that does not involve personal data;
 
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;, including activities carried out for security reasons or to prevent and detect criminal offences;
 
(f) processing is necessary for the purposes of the legitimate interests pursued by a controller, processor or third party to whom the data are disclosed but which are not to be disseminated, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.
 
(fa) the data are collected from public registers lists or documents accessible by everyone;
 
4. Consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller.
 
1. Where personal data relating to a data subject are collected, the controller shall provide the data subject with at least the following information:. The following paragraphs do not apply to small enterprises in the course of their own activity and for data which is strictly and exclusively for their internal use.
 
(a) the identity and the contact details of the controller and, if any, of the controller's representative and of the data protection officer;;
 
(b) the purposes of the processing for which the personal data are intended, including the contract terms and general conditions where the processing is based on point (b) of Article 6(1) and the legitimate interests pursued by the controller where the processing is based on point (f) of Article 6(1);;
 
(c) the period for which the personal data will be stored;
 
(da) the data originates from publicly available sources; or
 
(d) (d) if known the period for which the personal data will be stored;
 
(da) for the prevention or detection of criminal offences, in particular identity fraud against the data subject and financial crimes;
 
1. The controller shall adopt policies and implement appropriate measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with this Regulation. Those measures shall be proportionate to the size of the controller, the nature of the data being processed and the impact of such processing on the data subjects.
 
3. The controller shall implement mechanisms to ensure the verification of the effectiveness of the measures referred to in paragraphs 1 and 2. If proportionate, this verification shall be carried out by independent internal or external auditors.
 
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 24 hours after having become aware of it, notify the relating to special categories of personal data, personal data which are subject to professional secrecy, personal data relating to criminal offences or to the suspicion of a criminal act or personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hours.relating to bank or credit card accounts, which seriously threaten the rights or legitimate interests of the data subject, the controller shall without undue delay notify the personal data breach to the supervisory authority.
 
2. Any body, organisation or association which aims to protect data subjects‘ rights and interests concerning the protection of their personal data and has been properly constituted according to the law of a Member State shall have the right to lodge a complaint with a supervisory authority in any Member State on behalf of one or more data subjects if it considers that a data subject's rights under this Regulation have been infringed as a result of the processing of personal data.
 
3. Independently of a data subject's complaint, any body, organisation or association referred to in paragraph 2 shall have the right to lodge a complaint with a supervisory authority in any Member State, if it considers that a personal data breach has occurred.