The Security Policy Document Under The Italy New Privacy CodeThe new Privacy Code has given rise to some uncertainties with respect to the Security Policy Document (DPS) that Data Controllers are required to prepare. Under the Code this document must also be referred to in the financial statements as a move to make corporate management more open and verifiable. Questions though remain as to when such requirement becomes enforceable.
In addition, confusion has resulted from the fact that the new Code has provided a sort of pardon for all organizations who had not complied with the provisions of the former legislation in respect of the DPS.
These matters are made more complex by the overlap of different provisions and laws as concerns the DPS requirements.
The following questions have been addressed in this article:What has been added to the DPS?
What are the different dispositions governing the Security Policy Document?
What are the sure points?
What are the new measures?
What is the “raison d’être" of the requirement to include a reference to the DPS in the financial statements?