Our Firm offers legal advice on the protection of personal data, assisting companies in adapting to the law and maintaining compliance, and ensuring the protection of the rights and fundamental freedoms of data subjects.
Our Firm has gained specific and consolidated experience in advising companies that operate in e-commerce and the digital sector, as well as those offering remote products and services through the Internet, apps and call centers (e.g. banking and insurance services). More recently, the Firm has developed particular expertise in personal data protection in the e-health sector and in the IoT, as well as in AI and new technologies, allowing its clients to acquire and maintain leading market positions.
Our professionals closely follow the work of the Italian Data Protection Authority and other competent authorities both at national level (e.g. CNIL in France, ICO in the United Kingdom) and at EU level (e.g. European Data Protection Board, European Data Protection Supervisor, European Union Agency for Cybersecurity), actively participating in the consultations they promote in order to represent the needs of the sector and its customers (for example, the recent consultation published by the EDPB on the Guidelines 2/2019 on the processing of personal data under Article 6.1(b) of the GDPR and the working table on cookies launched by the Italian Data Protection Authority in September 2013).
Our Firm offers guidance in implementing the principle of accountability under Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR) and in the process of complying with the GDPR and the Privacy Code as amended by Legislative Decree 101/2018.
This process includes, among others, the following activities:
- mapping of processing activities;
- maintenance of the record of processing activities and the privacy organization chart;
- assistance in carrying out the risk analysis and any impact assessment and, if necessary, in the prior consultation phase, together with the drafting of the relevant documents;
- assistance in determining whether there is an obligation to appoint a DPO and, if there is not, drafting the supporting documentation or, if there is, drafting the contract with the DPO and the related procedures for signing it;
- drafting of the information notices on the processing of personal data and the related procedures;
- preparation of formulas for the acquisition of consent to the processing of personal data, in the cases provided for by the GDPR;
- securing the user experience of the data subject on the sites and/or in the apps and/or, in general, at the time of provision and/or collection of personal data (e.g. structuring of registration and log-in forms, preparation of dashboards and management of personal data and related options, drafting of just-in-time notices, etc.);
- drafting of contracts for appointment as data controller or review and integration of the same, if proposed by the other party;
- drafting of letters of authorisation (former letters of appointment);
- drafting and/or, as the case may be, revision and integration of joint controllership agreements and/or data sharing agreements;
- drafting of internal policies (e.g. data breach policy, data retention policy, policy for the exercise of the rights of data subjects, regulations on the use of the Internet and electronic mail in the employment relationship, etc.);
- training;
- drafting of agreements for the transfer of personal data to countries outside the European Union through the use of contractual instruments offering adequate guarantees, as identified by the GDPR and the relevant competent authorities;
- preparation of regulations on video surveillance;
- adoption of the measures prescribed by the Data Protection Supervisor in the event of the management of call centres located in countries outside the European Union;
- drafting of the cookie information (short and extended), subject to their qualification in accordance with applicable legislation;
- assistance to customers in the event of initiation of investigative proceedings by the Guarantor.