With the advent of the Data Protection Regulation [Reg. (EU) 2016/679] companies must address the issue of Privacy Compliance having as a reference market not only Italy but all the European Union States in which they operate.
The Firm, thanks to many years of experience, and continuous updating activities, of its professionals, assists the Governors (companies and individuals), in the field of protection of personal and non-personal data, both with regard to Italian and European legislation, carrying out in particular the following activities:
Company audit / analysis of processed data and processing / risk analysis (so-called data mapping);
Analysis of the current measures taken by the Company to protect privacy on the basis of the Privacy Code;
Indications of the technical and organizational measures to be adopted for the adaptation to the new Regulation;
Indication of the adequacy of the computer system currently used;
Indication on how paper and computer data should be stored;
Information on the use of emails, newsletters and website for marketing purposes;
Indication of the documents that the Company is required to prepare, keep and update pursuant to the Regulations;
Impact assessment;
Drafting of the Register of Treatment;
Drafting and registration of incidents (data breach);
Drafting of the various necessary information and methods of communication;
Indication of when and to whom to request consent;
Indications on how to manage relationships with employees, control tools in general, methods of processing employees’ personal data;
Indications about the content of contracts, agreements and acts of appointment that must be prepared with the various subjects involved in the processing (internal and external managers, appointees);
Indications relating to the processing of data recorded with video surveillance systems;
Information on the content of the standard contractual clauses for the transfer of data to third countries;
Training of managers and persons in charge (employees) of the processing of personal data;
Verification of the mandatory appointment of a DPO;
Designation of Representative in the Italian territory for non-EU companies.
The experience gained in the sector allows the professionals ofthe Firm to operate in a very efficient and pragmatic way.
First of all, we ask companies and professional firms to fill out a questionnaire on us. Based on the information received, we are able to indicate free of charge the activities necessary for compliance with the legislation, as well as the estimate of the Firm.
The operational activity is generally structured in the following phases:
Step 1
Drafting of various information and assistance in sending them to all interested parties.
Identification of cases in which consent is required.
Step 2
Identification of all internal privacy assets (PCs, servers, paper archives, tablets, etc.).
Identification of all subjects who hold relevant roles for privacy purposes in the company / professional firm.
Drafting of a privacy organizational model.
Identifying Business Privacy Risks
Step 3
Appointment of the various internal appointees, training activities for them, definition of the procedures to be adopted.
