The President of the Italian Data Protection Authority, Antonello Soro, and the General Manager of the Italian Security Intelligence Department (DIS), Gennaro Vecchione, have signed the new Protocol of Intent on data protection in cyber security activities. This document confirms and re-launches the guidelines of the agreement endorsed in 2013 and renewed in 2017.
The document which has been revised to enable it to comply with the General Data Protection Regulation (GDPR) and with the “law enforcement” directive (Legislative Decree 18th May 2018 n. 51), has confirmed the guarantees for the protection of citizens in relation to the processing of personal data carried out by information security agencies.
The new version of the protocol aims to facilitate the exchange of information between the two authorities in order to jointly address the complex requirements of national cyber security and to promote good practice in cyber security, in reciprocal collaboration with the academic and research communities.
In particular, the Data Protection Authority will forward to the Security Intelligence Department data breaches, which have been received from those subjects responsible for notifying the Authority of every personal data violation and which are of fundamental importance for cyber security. In particular this pooling of intelligence will benefit the activities of the Cybersecurity Unit – an inter-ministerial body set up in the Security Intelligence Department by the Decree of the President of the Council of Ministers of 17th February 2017 – and which has been placed in charge of prevention, preparation, response and recovery in situations of national crisis in the cyber area.
The Protocol will have a two year duration, unless tacitly renewed, and either party may propose updates should changes to the law or to regulations require it.