"We make information smarter"

• Privacy Policy;
• Communications and Training;
• Privacy Management;
• Security measures;
• Privacy Compliance;
• Information and Consent;
• Cross-EU data flows;
• Response procedures for data subject requests.

Consequently, the main areas of intervention are:

• Company information system assessment;
• Identification of modifications needed;
• Definition and classification of types of data processed;
• Definition of data processing terms and method;
• Definition of the minimum security measures to adopt and residual risk;
• Definition of processing offices tasks and duties;
• Definition of processing organizational and technical procedures;
• Writing the Internal Code regarding employees personal data processing in respect of Articles 4 and 8 Workers' Statute;
• Writing the letters of information and consent;
• Writing the appointment letters for internal and external data processors;
• Definition of the Company Privacy Policy;
• Drafting of the Security Policy Documents (SPD - DPS) according to All. B - D.Lgs. 196/2003;
• Analysis of transfer of personal data to third countries: contractual solutions and BCRs (Binding Corporate Rules);
• Training for Data Controllers, Data Processors, Managers, persons in charge of the processing: basic course on general risks, course on specific risks, ongoing routine and training;
• Legal advices.

 

• An opportunity to transmit the corporate ethical values;
• A moment to involve the staff in organizational and management choices;
• Pillar of any Corporate Governance Model whose preventing efficacy must be able to exclude that subjects working within the organization could justify the committee of an offence by pleading ignorance of the Corporate Policy.