Since 25 May 2018, the General Data Protection Regulation (GDPR \u2014 EU Regulation 2016\/679) has been in force throughout the European Union. For any organisation \u2014 Italian, foreign, or based outside the EU \u2014 that collects, processes or stores personal data of individuals residing in Europe, GDPR compliance is mandatory. Non-compliance exposes the organisation to fines of up to \u20ac20 million or 4% of global annual turnover, whichever is higher.<\/p>\n\n
Who must comply with the GDPR<\/strong><\/p>\n\n The GDPR applies to any organisation that processes personal data of individuals residing in the EU, regardless of where the organisation is established. This means that a Chinese company selling products to Italian customers online, managing employees in Italy, or collecting data through a website accessible in Europe is subject to the GDPR.<\/p>\n\n Key obligations for companies<\/strong><\/p>\n\n \u2014 Privacy notice: every collection of personal data must be accompanied by a clear and complete notice explaining the purposes, legal basis, retention periods, and data subject rights.<\/strong><\/p>\n\n \u2014 Legal basis for processing: all data processing must rest on a valid legal basis: consent, contract, legal obligation, vital interest, public interest, or legitimate interest.<\/strong><\/p>\n\n \u2014 Record of processing activities: companies with more than 250 employees, or those processing sensitive data or doing so systematically, are required to maintain an internal register of processing activities.<\/strong><\/p>\n\n \u2014 Data Protection Officer (DPO): certain categories of organisations are required to appoint a DPO. <\/strong> Even when not mandatory, it is advisable for companies handling large volumes of data.<\/p>\n\n \u2014 Breach notification: in the event of a data breach, the organisation must notify the supervisory authority within 72 hours of becoming aware of it.<\/strong><\/p>\n\n \u2014 Data transfers to third countries: transferring personal data to China requires specific additional safeguards, as China is not recognised by the EU as providing an adequate level of data protection.<\/strong><\/p>\n\n The critical issue for Chinese companies: transfers to China<\/strong><\/p>\n\n Many Chinese companies operating in Europe regularly transfer data (of employees, customers, suppliers) to the parent company’s IT systems in China. This transfer is subject to specific GDPR restrictions. The most common solutions include the Standard Contractual Clauses (SCCs) approved by the European Commission, or Binding Corporate Rules (BCRs) for multinational groups.<\/p>\n\n Rxconsult, working with its legal partners, supports Chinese companies in assessing their GDPR position, drafting the required documentation, and implementing processes that comply with European regulations.<\/p>\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Since 25 May 2018, the General Data Protection Regulation (GDPR \u2014 EU Regulation 2016\/679) has been in force throughout the European Union. For any organisation \u2014 Italian, foreign, or based outside the EU \u2014 that collects, processes or stores personal data of individuals residing in Europe, GDPR compliance is mandatory. Non-compliance exposes the organisation to […]<\/p>\n","protected":false},"author":2,"featured_media":1566,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[16],"tags":[],"class_list":["post-1594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-senza-categoria"],"_links":{"self":[{"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/posts\/1594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/comments?post=1594"}],"version-history":[{"count":1,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/posts\/1594\/revisions"}],"predecessor-version":[{"id":1595,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/posts\/1594\/revisions\/1595"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/media\/1566"}],"wp:attachment":[{"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/media?parent=1594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/categories?post=1594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rxconsult.it\/en\/wp-json\/wp\/v2\/tags?post=1594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}