General Data Protection Regulation 679/2016

The GDPR regulation establishes rules concerning the protection of personal data

The GDPR (General Data Protection Regulation), which entered into force in April 2016 following its publication in the Official Journal of the European Union, is applicable from May 2018 and is mandatory in all its elements and directly applicable in each of the Member States.

RINA offers different services to the organizations, in relationship to the business context and the sector of affiliation:

Regulatory focus

The regulation establishes rules concerning the protection of physical people with regard to the treatment of personal data, as well as rules concerning the free movement of such data.
Protects the rights and the fundamental freedoms of the physical people, in particular the right to the protection of personal data.

"Personal data" intends any information regarding a physical person, identified or identifiable through information such as the name, an identification number, location data, an online identifier or one or more characteristic elements of its physical identity, physiological, genetic, psychic, economic, cultural or social GDPR 679/2016, ex art. 4).

With the GDPR, have been underlined a series of points of fundamental importance, such as:


The steps to reach to compliance with the GDPR can be summarized with the following steps:


Over time we have developed skills - both on the field and in working groups - in services applicable to the management of personal data and IT processes.

We are accredited for the personnel certification on various standards, as well as for the certification of IT services such as ISO 27001, ISO 20000, ISO 22301 and substitute replacement.

The extensiveness of our offices is a point of strength that allows us to meet customer demands quickly, providing useful support with the help of the teams located in the world.


The GDPR apply even if the processing of data does not occur in EU territory?
The rule applies independently if the treatment is carried out on EU territory: this means which it also concerns to the data controller not established in the EU but in a place subject to the law of a Member State under international public law.

What penalties apply to those who don’t comply with the requirements of the standard?
The controller who does not comply with the provisions of the GDPR may incur administrative sanctions (up to € 20,000,000 for companies, up to 4% of the total annual worldwide turnover, if higher), civil and / or penal.


You may also like