Personal data is a collection of data that allows the identification of individuals. The social interaction between people is done through the exchange of information. The functioning of our society is inconceivable in the absence of data exchanges. We all know that society abounds with personal data. The information enables the holder to act effectively. Information extracted from personal data is important because they allow profiling. Consequently, they allow active agents to perform attention management through personalized interactions. The free movement of personal data within the European Union may not be restricted or prohibited for reasons relating to the protection of individuals about the processing of personal data. The Regulation seeks to put a brake on the execution of attention management of individuals within the European area by agents operating outside this area. This is a diffuse but important economic benefit. The individuals also benefit. They have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which produces similar affects to a significant extent.
Our main activities in personal data protection law are:
# written answers to questions of management and data protection officers regarding the protection of personal data, studies, and legal opinions;
Data protection audit
# verification of physical and IT document circuits containing personal data, as well as the functioning of the IT applications used, in order to obtain a clear picture of the personal data
# creating (editing) synoptic personal data; which personal data, which documents and which personnel are involved; the synopsis includes the typology of personal data, sources, types of access, attributions and access rights, the circuit of use and the processes of use, modification, transfer and deletion of personal data, both regarding employees and customers and other contractors
# based on the synopsis, writing an audit report, which includes the list of activities that must be carried out by the organization to ensure compliance with GDPR provisions and suggestions for top management; the report includes all the collected information, arranged in a comprehensible structure, with the identification of vulnerabilities and risks, both operational and technical and legal
Data protection compliance (implementation after audit)
# drafting/modifying the organization’s internal procedures in compliance with the GDPR; procedures are drafted in a highly customized way, according to the actual processes in the organization; lawyers will also recommend the setting up of a procedures committee to ensure that the procedures are permanently adapted to the needs of the organization
# review employment contracts and job descriptions; lawyers will make general suggestions and, if management requests, review each job description individually
# review contracts with the organization’s partners to include the clauses required by the GDPR; the review will include clarification of the type of contractual relationship from a GDPR perspective; the need to review contracts may highlight severe problems in the conduct of contractual relationships, which can only be resolved through the involvement of the organization’s top management; lawyers will also present to management the issues to be agreed with the organization’s contractual partners
# drafting information to own employees and drafting information and communications to be addressed to persons from whom personal data are collected; training on how to communicate with data subjects
# training sessions for employees who handle personal data on GDPR requirements and behavioural requirements; the training covers both the provisions of the Internal Regulation required under GDPR and technical aspects related to the organization’s security policy.