• Appointment of the role of Data Protection Officer (DPO)

The regulation on Data Protection regulates the appointment of the role of Data Protection Officer in the following cases:

the processing is carried out by a public authority or a public body, except for the courts when they are carrying out their judicial functions;

the main activities of the Data Controller or the Data Processor consist of processing which, by its nature, scope and/or purposes, requires regular and systematic monitoring of the parties concerned on a large scale;

the main activities of the Data Controller or the Data Processor consist of the processing, on a large scale, of particular categories of personal data referred to in article 9 (particular data) or data relating to criminal convictions and to offences referred to in article 10.

• Performance of initial risk assessment

Analysis of the company’s situation and identification of gaps to be filled by the preparation of a plan of progressive action in order to achieve regulatory compliance.

Assistance in the identification of appropriate measures to use in order to ensure the integrity and availability of the data.

• Assistance for the drafting of all the documentation required by the GDPR

Drafting of information for employees, clients and suppliers, drafting of contractual additions for external data processors, preparation of letters of appointment for internal data processors, analyses of websites and relevant privacy and cookies policies, etc.).

• Preparation of register of processing operations

Preparation of register of processing operations for the Data Controller and regular updates in line with the guidelines put in place by the Italian guarantor.