GDPR and Privacy

We are able to provide the best advice on GDPR and Privacy matters. We have built a dedicated team to assist our clients in every respect.

The need to stay always up to date

Since its entry into force, the GDPR has radically changed the rules of the game and the approach of companies to confidentiality and the protection of personal data. The GDPR has not only drastically increased the penalties (up to 4% per annum of the global turnover, or € 20,000,000 for the most serious violations), but has also imposed on companies an ever greater control and transparency, including requirements concerning the protection of data and rights of data subjects in each and every new corporate project.
Over time, a series of internal regulations, opinions, guidelines, provisions and other sources have been added to the European legislation, which make the application of the relevant provisions particularly challenging for operators. All this means that organisations continuously need assistance and advice on Privacy and GDPR matters.

The protection of confidentiality is therefore one of the most evolving fields and certainly the one in which the assistance of experts is most needed: in most cases, the first step to take is a data privacy audit that allows us to understand the What, Why and How of data processing.

Which data are processed? How? Why?

At the end of the audit, it will be possible to define the steps necessary to achieve compliance with the applicable statutory provisions. Some of the questions to ask are: which personal data are processed? How are they processed? Why, namely, for what specific purpose? What is communicated to managers and concerned operators? And to subjects who provide data? What internal procedures and rules are already in place at the company?

Toffoletto De Luca Tamajo has created a consulting package to assist you in achieving concrete results quickly and efficiently. We will not only deliver a 360-degree assistance service that defines and builds a company structure suitable for all data processing performed, but also specific support on individual problems, projects and processing requirements. Our assistance covers all corporate privacy needs and ranges from data management in the HR field, to data processing for advertising and marketing purposes, up to the latest news in the web world, such as those relating to the management of cookies, with particular reference to profiling cookies for corporate websites.

Our advice on GDPR and Privacy

Once the compliance of any data processed by your company has been evaluated, we provide our recommendations. We will evaluate:

  • Whether there are appropriate policies and procedures and what changes are needed;
  • Which categories of data are processed and the legal basis for such processing;
  • Whether privacy impact assessments are needed for specific “high risk” sectors;
  • What are the appointments and what changes are required in order to comply with the new legislation;
  • Understanding of responsibilities and training;
  • How the organisation deals with matters concerning the rights of data subjects in relation to access, amendment and deletion;
  • Evaluation of practices that deal with the accuracy of data processing and their storage;
  • Preparation of procedures in the event of data breach;
  • Evaluation of technical aspects and organisational model to ensure adequate data security;
  • The transfer of data abroad (if applicable);
  • The model of data transfer to third parties.

In short, we can assist you in assessing the situation, filling any gaps and putting in place the necessary measures to be in compliance with the requirements of the GDPR.

How much does it cost?

For each service, a (fixed or hourly) rate will be agreed in advance. The fee may also have an hourly cap and will depend on variable factors such as, by way of example, number of interviews of the operations sites, size of the organisation, complexity of data processed and procedures in place, and nature and complexity of the assistance requested.

Contact Lawyer Paola Pucci, Partner of the Firm and Head of the Privacy Team.