VIOLATION OF THE GDPR RULES
Liability profiles and the consequent right to compensation. Joint and several civil liability.
What are the responsibilities inherent in data processing, especially for organizations such as banking institutions, which base almost all of their operations and their core business on such processing? They are essentially of three kinds: administrative, civil and criminal. An organization cannot limit itself to carefully examining the technical aspects, in particular ICT, that protect the specifics of its processing operations; it must also be able to address the legal and liability aspects.
In the attached article, to make the issue of civil liability for damages in the banking sector concrete, the case of a data breach or of other incidents capable of causing damage to customers is examined, also in light of the provisions of the Bank of Italy, the EU PSD2 Directive and the EBA guidelines on the GDPR.
The article raises the awareness of a company's control functions, mainly the DPO, INTA (Internal Auditing), the 231 Supervisory Body and RISK (Risk Management). With this knowledge, the checks carried out, or to be carried out, on all or part of the SGDP-C, and their results, can be assessed accordingly in order to identify potential areas of risk for the company and consequently set the priorities of the remediation measures.
It may be advisable to identify all the processing operations that, whether carried out as Data Controller or as Data Processor, could expose the company to a compensation claim from the data subjects concerned. It is also advisable to verify that this risk is among those contemplated by the RISK MANAGEMENT method adopted in your company.