Privacy becomes a business matter thanks to the GDPR


After five years of anticipation, only six months remain until  the data protection package passed by the EU is directly applicable in all the Member States.  Along with it come sanctions amounting to 20 million Euro, or 4% of the total worldwide annual turnover of organisations. Privacy has been transformed from a pure bureaucratic requirement to a theme of governance. According to Paolo Balboni, ICT Legal Consulting Founding Partner, the GDPR represents a “passing from ‘one size fits all’ data protection comprised of policy to a risk-based data protection made of processes. With the new Regulation privacy also becomes a career opportunity.”


In six months the data protection package introduced by Brussels will be directly applicable in all EU Member States, but the development of the new Regulation 2016/679 has been anything but simple. Presented by the European Commission in January 2012, it received more than four thousand registered amendments in the European Parliament, went through a turbulent legislative process characterised by a lively political debate and significant pressure from the lobbying of American Internet giants. After four years, in December 2015, a compromise in the final negotiation phase was ultimately reached and the Regulation was published in the Official Journal of the European Union in May 2016, introducing fines up to 20 million Euro, or 4% of the total worldwide annual turnover for lawbreakers, which will be imposed from 25 May 2018.


With the GDPR (the General Data Protection Regulation) coming into force, privacy, which was once viewed as a mere compliance matter significantly transforms into the notion of company governance. As explained by Paolo Balboni, speaking at the manifestazione Sicurezza 2017 on 16 November, “Privacy has been transformed from a pure bureaucratic requirement to a theme of governance.  Companies will therefore need to pay particular attention to the analysis of processing, risk identification and measures to mitigate the same in order to ‘design’ adequate and effective business privacy processes”.


With the GDPR, the privacy perspective changes not only in terms of compliance but also on the business front for professionals that have made an ambitious career out of data protection, as in the case of Balboni, a young lawyer from Bologna who, almost by chance after having followed a course on data protection in The Netherlands during his Erasmus studies, started his own successful business venture with privacy and data protection at its core.



Short bio: Paolo Balboni (39) co-leads with Luca Bolognini ICT Legal Consulting, a successful law firm that employs a team of both Italian and international professionals and has more than 100 active clients across the globe. Having gained increasing authority in the institutional environment over the years, in 2015 Paolo became the President of EPA (European Privacy Association).  He is also featured in the documentary film “Democracy” alongside German MP Jan Philipp Albrecht and other prominent personalities who significantly contributed to the legislative process of the Regulation. Read the extended bio