DATA PROTECTION
Italian Data Protection Authority: favourable opinion on the draft Regulation for PA digital infrastructures and cloud services prepared by the Agency for National Cybersecurity (ACN).
The draft Regulation, which replaces the act previously adopted by the Agency for Digital Italy (AGID), takes into account the indications provided by the Guarantor in the course of the interlocutions. The document introduces a new article dedicated to the correct application of privacy regulations, which aims to ensure control, on the part of public administrations, over all those involved in data processing. In particular, it assigns PAs the role of data controllers, while digital infrastructure operators and cloud service providers are indicated as data processors.
The text also establishes the obligation for data controllers to adopt measures to ensure that administrations are promptly and adequately informed in the event of a data breach, given the volume and sensitivity of the data processed (health data, tax data). Data controllers will then have to provide PAs with appropriate tools to monitor the processing activities carried out by any sub-processors.
With regard to data transfers outside the European Economic Area, data controllers will be required to comply with the instructions of the administrations and to make available to them any information necessary to assess the effectiveness of the measures adopted.
The Regulation is part of the Italian Cloud Strategy, put in place by the Department for Digital Transformation and ACN, which contains the guidelines for the migration path towards the cloud of data and digital services of the Public Administration, also thanks to the National Strategic Pole (PSN), as a cloud infrastructure built on the impetus of the government.
The text also establishes the obligation for data controllers to adopt measures to ensure that administrations are promptly and adequately informed in the event of a data breach, given the volume and sensitivity of the data processed (health data, tax data). Data controllers will then have to provide PAs with appropriate tools to monitor the processing activities carried out by any sub-processors.
With regard to data transfers outside the European Economic Area, data controllers will be required to comply with the instructions of the administrations and to make available to them any information necessary to assess the effectiveness of the measures adopted.
The Regulation is part of the Italian Cloud Strategy, put in place by the Department for Digital Transformation and ACN, which contains the guidelines for the migration path towards the cloud of data and digital services of the Public Administration, also thanks to the National Strategic Pole (PSN), as a cloud infrastructure built on the impetus of the government.
