The Firm has gained and has a consolidated experience in the field of “privacy” providing advice and a detailed analysis of the measures taken by its customers, in accordance with the European Regulation 2016/679, carrying out the study and preparation of the specific documentation for each individual reality.

Avv. Silvia Boschello, senior partner, and avv. Alexander Cassisa, local partner, provide advice and ongoing assistance aimed at Compliance Privacy to the European Regulation and are entitled to assume the role of DPO, (Data Protection Officer – Data Protection Officer ex art. 37 and ss. of the Regulation) in accordance with the standard UNI 11697 DPO, by the accredited body AICQ SICEV Registro Sicev – https://aicqsicev.it/registro-professional figures. They hold positions of DPO in public bodies, companies, professional firms and third sector institutions, assisting customers in the planning, adjustment and control of the process of compliance with the regulations. The figure of the DPO described in art. 37-38-39 of GDPR 679/2016 plays a key role in the management of data protection within institutions.

The legislation provides for the tasks of the DPO:

1. inform and provide advice to the controller or processor about the obligations under the GDPR and data protection regulations
2. monitor compliance with the Regulation with data protection policies

• raising awareness and training of staff involved in treatments and related control activities

1. on request, provide an opinion on the data protection impact assessment and monitor its performance
2. cooperate with and act as a contact point for monitoring.

Also through the consolidated collaboration with IT experts and system administrators, the Firm is able to offer assistance and advice on the management and organization of IT security and Cyber risk in relation to GDPR 679/16. The compliance privacy activity is usually carried out through a first audit activity, where following a complete data collection by a professional auditor, a risk assessment shall be carried out and the technical and organisational measures to be taken in accordance with the GDPR shall be identified.

The following activity of compliance is aimed at preparing the documentation necessary for the customer, in view of the data collected and the need of the client institution or company. The study also organizes courses and meetings and seminars training and updating on the discipline inherent in the processing of personal data, including at the same institutions, companies, professional firms and professionals, through the use of educational material, including multimedia.

Among the services offered in terms of privacy:

• Compliance with the GDPR
• Appointment of DPO for audit and reporting activities
• Risk-assessment and legal-organizational adjustment activities and drafting of procedures, including IT, following the first audit of the DPO
• Assistance in the preparation of records of processing
• Submission of complaints to the Italian Data Protection Authority
• Assistance in the definition of company policies
• Staff training and refresher activities in relation to current legislation on the protection of personal data
• Data Breach procedure and infringement log
• Website policy, information for newsletters and contact forms and analysis of website cookies
• Drafting and auditing of contracts
• Analysis of IT risks, preparation of technical and organizational measures related to IT security.