All citizen data are processed, transmitted and stored in digital mode: information relating to fees, academic performance, medical treatment, criminal convictions and offenses.
They are data whose integrity, confidentiality and confidentiality must be guaranteed both to ensure that the provision of public services takes place in a reliable and correct way and to protect the privacy of citizens.
For this reason the rules require that anyone have right to the protection of their data processed by administrations in the exercise of institutional functions and in the provision of public services. In particular, institutions must take all appropriate security measures to protect data from the risks of accidental loss, theft, unauthorized access and unauthorized disclosure.
Personal data, then, must be processed in a lawful, correct and transparent way towards the interested party, that is the person to whom the data belongs (principles of lawfulness, correctness and transparency). The data must be collected for specific, explicit and legitimate purposes and subsequently processed in accordance with these purposes must be disclosed to the interested party.
The principle of data minimization, then, provides that they are adequate, relevant and limited to what is necessary with respect to the purposes for which they were collected and are processed. Therefore, more data than necessary must not be collected and processed.
Furthermore, the data must be kept for the time necessary to achieve the purposes for which they were collected, avoiding the risk of a “big brother”. To find out how their data is processed and to exercise their rights, each citizen can contact the Data Protection Officer (RPD or DPO) that each administration is required to appoint.
Against which subjects can the right be exercised?
- public administrations (e.g. municipalities, provinces, regions, ministries, local health authorities, schools, universities, professional associations, port system authorities, independent administrative authorities)
- public economic bodies and professional associations
- publicly controlled companies, excluding listed companies
- public service managers
What can you do thanks to the right to the protection and security of your data?
- always be informed about each treatment carried out by the administration that involves their personal data;
- ask for confirmation as to whether or not personal data is being processed and in this case exercise the right to access the data;
- have information in case of violation of their personal data;
- oppose the processing if deemed illegitimate;
- obtain the correction of inaccurate personal data or the integration of incomplete personal data;
- obtain the deletion of personal data when they are no longer necessary for the purposes for which they were collected, when the interested party withdraws consent or when the personal data have been unlawfully processed;
- exercise the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects or which significantly affects your person in a similar way;
- demand that their personal data be protected with adequate technical and organizational security measures;
- know if your data has been subject to loss, access or unauthorized disclosure (data breach).
to know more
Regulation (EU) 2016/679
LEGISLATIVE DECREE 30 June 2003, n. 196
Circolare AgID n. 2/2017
How to exercise your data protection rights – Privacy Guarantor
The National Cybersecurity Agency
If you have any questions or want to report a case of denied digital rights, write to [email protected] or send a whatsapp message to 393472794359.