.

This article intends to analyze the recent European regulatory framework which, in the field of data security, focuses on the principle of accountability of the data controller, opening new perspectives, in the public and private sector, in terms of privacy governance. Therefore the analysis will concern, first of all, the Regulation (EU) 2016/679 and the related prescriptions, as well as the legislation on cybersecurity, object of attention by the Italian and European legislators, with the introduction of the NIS Directive, of the Cyber Act and the Perimetro nazionale di sicurezza cibernetica. The new challenges in these areas are decisive in the context of a society called upon to guarantee the free enjoyment of citizens fundamental rights and freedoms