Pulsantiera di navigazione Home Page
Pagina Facebook Pagina Linkedin Canale Youtube Italian version
Areas of practice
Personal Data Protection Specialised Legal Services

Personal data protection - Privacy

Personal Data Protection Specialised Legal Services

 
Specialised Data Protection legal services include:
  1. "Audit” and overhaul of personal data processing policies to ensure that the processing performed by public and private data controllers complies with the GDPR and - where applicable - with the national Personal Data Protection Code as coordinated with the GDPR. Assistance in this area is wide-ranging and includes the processing of personal data in  specific sectors (public sector, healthcare, legal, journalistic, labour and social security, electronic communications and new technologies, video surveillance, etc.).
  2. Assistance to ensure that the data controllers’ processing of personal data complies with: 1) The EU Data Protection Authority’s Guidelines implementing the GDPR; 2) the additional national Data Protection Authority's privacy rules as set forth in the General Authorisations on the processing of sensitive and judicial data as coordinated with the GDPR; 2) in the sector-specific General Delibaration as compliant with the GDPR and still in force; 3) in the Codes of conduct and best practices in force to regulate specific types of processing, including processing:
    1. for social security purposes, or for the management of employee relationships;
    2. to use automated image recording tools – so-called video surveillance;
    3. to send advertising materials or to carry out direct sales or market surveys; interactive commercial communications or commercial information;
    4. in the banking sector for managing customers’ personal data;
    5. in the public and private health sector;
    6. in the tax and fiscal sector;
    7. within information systems with private party controllers, used when granting consumer credit or otherwise when the processing concerns the reliability and timeliness of payments by the data subjects;
    8. by online communication and information service providers;
    9. in the framework of legal defence investigations or to assert a right in court.
    10. on personal data from archives, registers, lists, records or documents held by public bodies;
    11. for purposes associated with the journalistic activity;
    12. for purposes of historical or scientific research;
    13. for statistical purposes
  3. Assistance in drafting documents, ddeds and forms required by the GDPR (e.g., notices to data subjects, Register for data processing; acquisition of consent formulas where required, appointment of Data Processors and sub.processors; appointment of persons authorized to data processing; privacy policy for websites, appointment of the representative in Italy when the data controller is outside the EU etc.) and complete customisation thereof.
  4. Assistance within the mandatory procedures provided under the GDPR, such as the following processes: (a) Data protection impact assessment - DPIA - as required by articles 35 and 36 GDPR; (b) notification of data breaches as required by articles 33 and 34 GDPR; (c) implementation of the "privacy by design" and "privacy by default" principles; (d) setting up of due processes for the new privacy rights of the interested subjects (e.g. data portability right);
  5. Assistance in complying with adequate technical security measures as established in Article 32 GDPER. The assistance in this area includes overhauling the degree of adequacy of the security policies implemented by the controllers, as well as technical audits aimed at identifying and implementing necessary technical adaptation of the data processing infrastructure used by the data controllers.
  6. Assistance in the activities involving cross-border transfer of personal data in non EU third countries and/or international organizations according to artciles 44-50 of the GDPR, such as drafting contracts governing the exchange of personal data within EU Countries and the transfer of data to countries outside the EU ("data transfer agreements") in compliance with the standard contractual clauses adopted according to the GDPR; advisory services on how to transfer personal data abroad to non-EU countries in compliance with the sector-specific agreements (e.g.: "Privacy Shield" Agreement between the EU and the USA), on Authorisations issued by the Authority and by the EU Commission for the transfer of data to non-EU Countries, on the implementation of the Binding Corporate Rules for Groups of companies, etc.
  7. Legal Assistance on the processing of personal data carried out through electronic communications networks (e.g. the Internet, mobile telephony, Wi-Fi technologies, digital land TV, RFID, etc.) or specific technologies (e.g. biometrics or geolocation). Assistance in this area also covers the processing of personal data to which other regulations apply (e.g.: Legislative Decree 70 of 14 April 2003 on information technology services, the Electronic Communications Code, etc.).
  8. Assistance and representation in regulatory procedures before the competent EU Data Protection Authority (reports, complaints, appeals).
  9. Assistance with the proceedings provided by articles 40 and 42 of the GDPR (ceritifcation procedures or adhering to codes of conduct).
  10. Assistance in proceedings before national judicial authorities for civil and criminal matters related to data processing and breach of the GDPR.
  11. Assistance in carrying out specific training activities for persons in charge of the processing and data processors.
Stampa la pagina