Data, Privacy and Cybersecurity
Management of privacy and cybersecurity obligations, from strategic advice, to the adoption of risk management measures and the role of DPO.
Expert legal assistance in privacy, cybersecurity and data protection for compliance with the latest European and national regulations.
The activity of assistance and advice in the field of privacy covers the different needs of the Client both in defense in Court and before Authorities, and in advice related to the issues of personal data processing, privacy and confidentiality.
With its in-depth study in this field since the first Italian Regulation in 1996 and the experience gained in favor of complex corporate and multinational companies, the firm is capable of assisting the Client in identifying the most appropriate strategy to be adopted in relation to the processing operations carried out, as well as in the timely fulfillments required by European (GDPR) and national legislation (mapping of processing, gap analysis, definition of privacy policies, preparation of consent to processing, designation of data processors and system administrators, joint data controllership agreements, documentation system, data protection impact assessments, definition of internal regulatory acts relating to employment relationships and the use of IT tools and e-mail, risk analysis, identification and verification of security measures, compliance with data transfer outside the EU/EEA).
The skills acquired enable to assist Clients effectively also with regard to processing with specific characteristics or carried out through the most modern IT technologies (collection and communication via web, extra EU/EEA data transfers, use of geolocation systems, use of cookies and similar technologies, off-line and on-line profiling, marketing by social networks, RFID, Cloud Computing, video surveillance, processing of sensitive and genetic data, automated decisions), as well as for the necessary training of the customer's employees (apical and operational) involved in processing operations.
The firm also provides its Clients with Data Protection Officer (DPO) services.
In the area of cybersecurity, the firm's professionals provide advice and assistance with respect to the legal requirements needed to ensure the compliance of companies and other entities with the relevant regulations, including NIS2, as implemented in Italy, DORA and national cybersecurity legislation.
The firm's expertise also enables it to effectively assist its clients with respect to the obligations and opportunities arising from other EU Data regulations, and therefore with respect to issues such as the provision of data intermediation services, the voluntary data sharing through ‘data altruism’ and the re-use of certain categories of protected data held by public sector bodies under the Data Governance Act, the exercise of rights and compliance with the obligations for data holders, data users and data recipients set out in the Data Act, as well as issues relating to the European Health Data Space (EHDS) and the design and management of other data spaces.