Business consulting Privacy and GDPR
Our solution to ensure your GDPR compliance
IMMEDIATE ACTIVATION
Our service
1) GDPR Compliance – Adapting to the Privacy Regulations.
We guide you in analyzing the flow and security of personal data, determining the measures necessary to process data correctly and avoid penalties. We will do a data protection impact assessment (Privacy Impact Assessment, Art. 35) and help you deal with data breaches by structuring a personal data management system.
2) GDPR Monitoring – We audit the entire data processing process over time.
We verify, through periodic audits, that aspects of GDPR compliance are being consistently met and enforced, including in light of any regulatory updates, helping you keep your organizational structure in check at all times.
3) GDPR Training
Mandatory training under the GDPR is accessible to all workers, appointees and processors in an open and unrestricted format, both in the classroom and via e-learning. We provide this service because managing documentation is important, but it is even more important that those who process personal data are trained to comply with the procedures. To achieve an adequate degree of accountability, it is therefore essential first to gain awareness of the obligations and the goals to be achieved. We will teach you how to correctly interpret the applicable rules and then identify the individual obligations concretely imposed on the Data Controller by the Regulation.
4) Management of necessary documentation
All your necessary documentation will be available in the online portal dedicated to you. You will find processing records, appointment records, and contracts, and through an intuitive system, you can file and keep track of all documents produced.
5) Assistance and first intervention in case of an inspection
The regulations
The European Privacy Regulation 2016/679
On May 25, 2018, the European Privacy Regulation 2016/679 of the European Parliament on data protection, better known as GDPR, came into force.
During this period professionals and businesses will have to adapt their organizational models to the new requirements. The forms must be revised and updated; without the changes provided for in the new regulations, they could result in the penalties provided for in the Regulation (up to 20 million euros depending on the severity).
Some new features introduced by the GDPR:
- Responsibilities of the Data Controller
It will be up to the Data Controller, taking into account the context, the nature of the data and the risks to the data, to organize his or her company. The Data Controller will have to ensure a normatively adequate level of security and justify the choices made.
- Right to data portability and right to be forgotten
The GDPR introduced two new rights:
– the right to data portability, according to which “the data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that have been provided to a data controller and shall have the right to have those data transmitted to another data controller without hindrance by the controller to whom he or she has provided them.”
– the right to be forgotten, whereby any individual can request the deletion of their data held by third parties.
- Principle of accountability
The real revolution, however, is in the principle of accountability, that is, in the “empowerment” of the Data Controller who will have to demonstrate that he or she processes data in compliance with the privacy measures set forth in the European Privacy Regulation. Appropriate records such as Records of Processing Activities (Art. 30) will need to be prepared and maintained, in which all data processing activities carried out under the responsibility of the data controller or person in charge are reported.