General data protection services

During the year 2018, the new GDPR challenged companies in many ways: to understand their data, map them, assess the risks that they pose and decide on organizational models.

2019 will be the year of the completion of the compliance process, the evaluation of the effectiveness of implemented models and the understanding of the potential of the data that is retained. This year will also see the development of innovative data projects and the application of Artificial Intelligence to Big Data.
Moreover, Data Protection Authorities will start carrying out (or will intensify) inspections to check compliance with the GDPR.

In light of the above, we have decided to implement a series of additional general services that will allow companies not only to comply with the GDPR, but also to seize all the opportunities offered by the emerging data economy.



Conformity to GDPR

Building on the experience acquired in 2018, the Data Protection Team of the Stefanelli&Stefanelli Law Firm has developed a working method that allows companies to achieve compliance with the GDPR quickly and effectively.

We assist organisations in the following steps:

  1. drafting of the technical report (a document that reports the technical and organisational measures in place)
  2. drafting of the register of processing operations
  3. drafting an adherence report (a document that explains the procedures carried out by the Data controller to comply with the GDPR)
  4. revision of documents provided by the parent company
  5. drafting of privacy notices, contracts, etc.


Training on the GDPR

Training is the cornerstone of the whole data protection system: it allows a better understanding of the subject, raises awareness, empowers staff and helps put organizational measures into practice.

The Stefanelli&Stefanelli law firm has created three training formats:

  1. webinars that are specially created for individual customers and that can be accessed with a dedicated password on our online platform
  2. at the client’s premises, for managers
  3. at the client's premises, for authorized data operators


Verification of compliance with the GDPR and maintenance

For those who have already implemented the GDPR, the goal is now to improve and verify the effectiveness of the measures that have been taken.

The methods that we propose are:

  1. audits carried out through online checklists that can be customised for each organization
  2. telephone support with our Data Protection Team professionals
  3. in-house periodic audits

Data Protection Impact Assessments

The data protection impact assessment requires an analysis of the risk and the application of the principle of proportionality. Our multidisciplinary team has developed a precise procedure to analyze risks, assess the impacts on the rights of the subjects, and assess the proportionality of the processing (also in light of the provisions of the Data Protection Authority), thus giving clients a tool that demonstrates their accountability.



Implementation of a Privacy Management System

To ensure conformity with the principle of accountability it is necessary to create a data protection management model that harmonizes and integrates with existing models within the company.

What we do is: 

  1. establish privacy procedures for the various processes
  2. prepare instructions for specific figures
  3. integrate the data protection model with existing quality systems and systems under Leg. Decree 231/2001


DPO activities (art. 39)

Our team of professionals also carries out Data Protection Officer activities.

We also provide support to internal DPOs in organizing and monitoring mandatory activities.

In this regard, the following specific activities are carried out:

  1. constant updating on news regarding data protection at national and EU level
  2. collaboration and active surveillance regarding the obligations to be fulfilled under the GDPR
  3. development of innovative data projects with the company’s management
  4. assistance in data protection impact assessments
  5. specific audits in the highest risk sectors
  6. liaison with the Data Protection Authority (or another European Data Protection Authority)


Assistance in dealing with the Data Protection Authority (on top of DPO activity)

Our lawyers provide legal assistance before the Data Protection Authority, as well as in court: 

Data Breach
Applications and complaints
Administrative litigation (sanctions)
Civil and criminal litigation (claims for damages)