Consulting on compliance with the GDPR
What is it?
The GDPR is the regulation that interprets the right of every natural person to the protection of their personal data, as stated in the EU Charter of Fundamental Rights and the Treaty on the Functioning of the European Union.
Quite simply, it recognises that any processing of information concerning individuals must be carried out as a "service to the human person" and that the right to protection of data concerning such persons must have a social function.
Consequently, it was also considered necessary to have a more detailed regulation of the rights of data controllers and the obligations of those who decide and carry out the processing.
What we can do for you
We offer consulting services to help you manage, quickly and properly, all the requirements envisaged by European legislation.
This is helpful first and foremost because European lawmakers have adopted a very broad definition of the concept of personal data (considering it to be all information relating to identified or identifiable natural persons).
Processing therefore becomes extremely complex because it is intended as any operation or set of operations carried out (with or without the aid of automated systems) on personal data or sets of personal data, including for example: collection, recording, organisation, structuring, retention, adaptation or modification, extraction, accessing, use, disclosure by transmission, dissemination or any other form by which data may be made available, comparison or interconnection, limitation, deletion, erasure or destruction.
Who we cater for
We cater for companies that need to adapt to the complexity of European legislation quickly and efficiently.
We rely on the support of our partners, such as Universities, research centres, banks, and consultancies.
How we do it
We provide you with a team of specialists who will assist you throughout the complicated process of achieving compliance with the legislation.
In practice, the service consists of the following activities:
- Preliminary analysis of the business context with a census of types of processing and the related assets.
- Identification and analysis of the subjects involved in the processing: staff tasked with processing, data processor, data controller, designation of a Data Protection Officer.
- Analysis of the risks and of the security measures adopted.
- Adoption of suitable technical and organisational measures to guarantee processing security.
- Assessment of the impact of new technology use on data protection.
- Data Breach Management.
- Staff training.