Consultation Paper No. 6/2023

Ivass published Consultation no. 6/2023. This consultation document contains the draft Regulation on the digital transmission of personal information as referred to in Articles 190 and 190-bis of Legislative Decree 7 September 2005, No. 209 – Private Insurance Code and subsequent amendments and additions.
The existing regulatory framework already imposes on insurance companies the obligation to communicate company and corporate governance-related personal data to IVASS. However, the regulatory framework concerning the specific methods of transmitting personal information is fragmented.
In the context of public cost savings, Italian legislation promotes full integration of supervisory activities in the insurance sector, including closer collaboration with banking supervision, ensuring cost savings, continuity, and greater efficiency in fulfilling their respective functions.
The purpose of the draft Regulation is to implement national provisions and European principles regarding the electronic transmission of personal data to IVASS. The adopted methods ensure data integration, promote digital processing of information, improve the quality of personal data, and streamline regulations and operations related to the production of personal and company information.
The management of personal information must comply with the GDPR paragraphs 1 and 3, which govern the processing of data necessary for the execution of public interest tasks or the exercise of public powers vested in the data controller.
In light of the above, it is believed that the introduction of detailed regulatory provisions defining operational criteria for data and information transmission, in line with the national and European regulatory framework, can achieve the dual objective of ensuring consistent choices and providing adequate effectiveness, transparency, and security throughout the communication process of company and corporate governance-related personal data.
In this context, the new electronic procedure, RIGA, has been developed for managing personal data. This procedure innovates the operational methods for collecting information from supervised entities, in line with current regulations.
Any observations, comments, and proposals can be submitted to IVASS by 28 August 2023, using the provided attached tables in Word format via email to regolamento_riga@ivass.it.
The personal data provided during the public consultation will be processed by the Institute, exclusively for the execution of its public interest tasks or for purposes related to the exercise of its public powers.
At the end of the public consultation phase, received observations and the resulting resolutions of IVASS will be made public on its website.