GDPR & Data Protection Compliance

GDPR & Privacy Compliance

This section describes the content, objectives and implementation procedures of our "GDPR and Data Protection Compliance Service", a set of specialised and customised legal and technical services aimed at ensuring compliance with personal data protection regulations.

The "Privacy Compliance Service" (the "Service") aims to enable data controllers (whether public or private bodies) to fully comply with all regulatory data protection constraints provided both under the General Data Protection Regulation no. 679/2016 ("GDPR") and under the recently amended Legislative Decree 196 of 30 June 2003, known as the Personal Data Protection Code (with penalties, in case of a violation, under civil, administrative and especially criminal law), as well as all the regulatory constraints imposed by the sector (e.g., General Provisions or Guidelines implementing the GDPR as enacted by the EU Data Protection Authorities or by the national Data Protection Authority).

The Service has the following features.

During a first phase, an analysis of the current policies for processing personal data in place at the data-controlling organisation is conducted. This stage is preparatory to subsequent legal and technical modifications to the website. All the processing of personal data at the facility is mapped at this stage. The analysis is a preliminary check of the compliance of the operations with the GDPR and with the Data Protection Code.

The preliminary check is carried out:
  1. by sending a detailed questionnaire ("Privacy Checklist") to be filled out by the various managers of the organisation, each one completing one for the data processing under his or her responsibility. The answers will outline a first scenario of the personal data processing policies in practice as implemented by the organisation;
  2. through the subsequent and crucial task of auditing (to be done at the data controller’s office) to study the results of the questionnaire and to acquire more information and documents about the personal data processing.

Once the preliminary check has been carried out, the data processing policies are brought into compliance with the GDPR and, where applicable, with the Italian Data Protection Code.

Correct and complete assistance in ensuring that personal data processing complies with the GDPR and with the Italian Data Protection Code cannot, of course, neglect the important issue (both legal and, especially, technical and informational) of adopting the security measures in the processing as required by art. 32 of the GDPR. The service also includes consultancy in this area.

The file below contains a sample illustration of the main privacy obligations required by the GDPR (in Italian).

If the data controllers concerned consider that their existing personal data protection policies are not compliant (or not fully compliant) with the privacy obligations required by the GDPR and by the Italian Data Protection Code, they can request the specialised legal services offered by submitting a request through the contact form in the appropriate "Contacts" section.
