Privacy Assessment

THE I, in partnership with legal experts, can help your company to verify GDPR compliance and, if necessary, correct procedures and documentation to comply with these regulations.

Since 25 May 2018, the GDPR (General Data Protection Regulation) is applicable in all European Union Member States, the legislation relating to the protection of individuals with regard to the processing and free movement of personal data.

The data controller, a position made necessary by the GDPR, is responsible for carrying out assessments that help him/her to understand the level of risk related to privacy and the security measures to be taken to reduce it.

Failure to comply with the GDPR exposes companies to very high penalties and the economic value of the data collected is also significantly lower. Data collected through adequate procedures is in fact worth much more than data collected through inadequate procedures.

Privacy Impact Assessment

The Privacy Impact Assessment (PIA), i.e. the assessment of the impact on the protection of personal data, is a process structured in recursive phases that will allow the analysis, identification, and reduction of privacy risks and verification of GDPR compliance.

DPIA

If the level of risk is high due to the nature of the data processed, the sector or technologies involved, the data controller will have to conduct a Data Protection Impact Assessment (DPIA). The DPIA is an in-depth analysis of data processing, i.e. internal procedures, data flows, technical, organizational, legal and security measures. With a DPIA it will be possible to demonstrate the effective protection of personal data and compliance with the GDPR.

We think about security, you think about your business.

System administrators

As we have already seen, it is good practice for the data controller to carry out risk analysis and impact assessment for data security, but the data controller must also be able to demonstrate that both the organizational measures and the security measures adopted are adequate to comply with the requirements of the Regulation.

In addition to the organizational measures, the GDPR requires technical measures in order to ensure data protection and security. In this scenario, the system administrator plays an important operational role within the company. In fact, the system administrator is an essential figure for the security of databases and the correct management of networks, data, access, and control of the correct functioning and use of IT systems. Basically, the system administrator must be able to guarantee data protection at a technical level. Choosing an external system administrator means relying on a qualified and highly responsible professional who will take charge of the security profile, guaranteeing full compliance with regulations and simplifying company procedures.. 

GDPR Compliance

THE I, in partnership with legal experts, can help your company to ensure compliance with the directives of the new GDPR legislation, achieving, also through concrete procedures such as vulnerability assessment, integration of SIEM, Log Management and document production, compliance with data protection regulations. Our technical expertise, as well as legal expertise, will enable you not only to identify problems but also to solve them.

Training

The employees of a company authorized to process personal data under the direction of the data controller must be familiar with the GDPR regulations. The data controller must therefore ensure that its employees receive training in the obligations imposed by the regulations.

THE I may organize training courses, online or in presence, tailored to your company’s needs.

In addition to training on topics closely related to GDPR, we can also provide basic training on cybersecurity, in order to make your employees aware of best practices to avoid malicious attacks on your company. Most of the time, employees become an unwitting vehicle for cyber attacks against companies.