Risk analysis
Pinpointing critical areas in an initial interview
Privaceasy is not just a piece of software but a team of specialised consultants
346
CONSULTING
1
2
3
4
1
We can draft yoour privacy statement
2
We can offer you full consultancy starting from the analysis phase
3
We can offer monitor your company on a daily basis
4
Contact us and make an appointment with one of our consultants
Privaceasy is not just a piece of software but a team of specialised consultants
346
CONSULTING
1
2
3
4
1
We can draft yoour privacy statement
2
We can offer you full consultancy starting from the analysis phase
3
We can offer monitor your company on a daily basis
4
Contact us and make an appointment with one of our consultants
APPOINTMENTS
Appointment to the various positions including controller, DPO, managers and processors
DRAFTING DOCUMENTS
Creation of company forms and reports with regular updating
ADAPT THE INFRASTRUCTURE
Information on the adjustments needed to corporate and IT infrastructure
PERSONNEL TRAINING
Training of data management personnel on the procedures to be adopted and any associated risks
INFORM THE AUTHORITIES
Timely reporting to the authorities regarding data breaches
” FACILE PER L’AZIENDA,
FACILE PER IL CLIENTE “
“EASY FOR THE COMPANY, EASY FOR THE CUSTOMER”
Risk analysis
Pinpointing critical areas in an initial interview
APPOINTMENTS
Appointment to the various positions including controller, DPO, managers and processors
DRAFTING DOCUMENTS
Creation of company forms and reports with regular updating
ADAPT THE INFRASTRUCTURE
Information on the adjustments needed to corporate and IT infrastructure
PERSONNEL TRAINING
Training of data management personnel on the procedures to be adopted and any associated risks
INFORM THE AUTHORITIES
Timely reporting to the authorities regarding data breaches
” FACILE PER L’AZIENDA,
FACILE PER IL CLIENTE “
“EASY FOR THE COMPANY, EASY FOR THE CUSTOMER”
FREQUENTLY ASKED QUESTIONS
What does being a privacy Consultant mean?
APrivacy Consultant is a professional who has received special certification or has completed a dedicated course of study. Such courses serve to train a Consultant and keep him constantly up to date so that he is able to help and support companies and professionals to comply with the new European GDPR, so protecting their own and others’ data and avoiding sanctions and image repercussions.
My company processes “only” customer data and we keep all data under lock and key, we don’t need any special measures, so can we manage privacy on our own?
It is absolutely not a given that a company that only processes common data does not have to comply with any particular formalities, because it is not the nature of the data that determines the measures, but how data are processed. You could manage your privacy on your own, but this would mean having to inform yourself in detail about each new GDPR directive, identify the potential risks and potential flaws in your system, and then be able to understand exactly what steps to take to meet the dangers, and if necessary be able to explain in detail to the Privacy Authority the precautions taken in case of data theft.
What are the obligations of the Privacy Consultant?
To run basic privacy courses for the owner of the company and all employees who come into contact with customer and supplier data – To draw up the appropriate documentation for the owner, employees, suppliers and managers outside the company – To draw up a correct privacy policy to be signed by the customer, specifying the nature of the processing, the purposes and duration of data retention.
Who is involved in these formalities?
All these basic requirements concern anyone who comes into contact with data, even if they are limited to first and last names. It goes without saying that the figure of the Privacy Consultant plays a very important and decisive role in the management of a company and to do without him could put the company at risk of by no means negligible dangers and sanctions.
How important is a privacy Consultant?
Having a contact person who has a detailed familiarity with the new European GDPR and keeps constantly up to date is fundamental for companies and professionals, since data processed differently to what is specified inevitably entail a potential danger for the rights and freedoms of data subjects.
Are training courses required to enable companies to manage and guarantee the data in their possession?
Article 29 of the European GDPR makes training mandatory, so that every legal subject is familiar with the Regulations and knows how to apply them continuously and correctly. Our team of consultants is at your disposal.
Is training only mandatory for the owner of the company or for the employees too?
Article 29 of the European GDPR states that “The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller……”. In short, we can already answer the question: training for employees is mandatory!
Supervisory body and sanctions
Controls by the Privacy Authority (the supervisory body) are already underway and sanctions have been applied sometimes of a certain entity, through the Guardia di Finanza. During the inspection, the concept of accountability is fundamental: during the control phase, the company or professional must demonstrate with logical reasoning and evidence what has been done and what has not been done, laying out the reasons for non-compliance. If the Authority deems it necessary to apply the sanction, it will be the elements collected during the inspections that ensure it can be applied in an effective, proportionate and dissuasive manner. Sanctions can amount to up to 4% of the company’s turnover.
FREQUENTLY ASKED QUESTIONS
What does being a privacy Consultant mean?
APrivacy Consultant is a professional who has received special certification or has completed a dedicated course of study. Such courses serve to train a Consultant and keep him constantly up to date so that he is able to help and support companies and professionals to comply with the new European GDPR, so protecting their own and others’ data and avoiding sanctions and image repercussions.
My company processes “only” customer data and we keep all data under lock and key, we don’t need any special measures, so can we manage privacy on our own?
It is absolutely not a given that a company that only processes common data does not have to comply with any particular formalities, because it is not the nature of the data that determines the measures, but how data are processed. You could manage your privacy on your own, but this would mean having to inform yourself in detail about each new GDPR directive, identify the potential risks and potential flaws in your system, and then be able to understand exactly what steps to take to meet the dangers, and if necessary be able to explain in detail to the Privacy Authority the precautions taken in case of data theft.
What are the obligations of the Privacy Consultant?
To run basic privacy courses for the owner of the company and all employees who come into contact with customer and supplier data – To draw up the appropriate documentation for the owner, employees, suppliers and managers outside the company – To draw up a correct privacy policy to be signed by the customer, specifying the nature of the processing, the purposes and duration of data retention.
Who is involved in these formalities?
All these basic requirements concern anyone who comes into contact with data, even if they are limited to first and last names. It goes without saying that the figure of the Privacy Consultant plays a very important and decisive role in the management of a company and to do without him could put the company at risk of by no means negligible dangers and sanctions.
How important is a privacy Consultant?
Having a contact person who has a detailed familiarity with the new European GDPR and keeps constantly up to date is fundamental for companies and professionals, since data processed differently to what is specified inevitably entail a potential danger for the rights and freedoms of data subjects.
Are training courses required to enable companies to manage and guarantee the data in their possession?
Article 29 of the European GDPR makes training mandatory, so that every legal subject is familiar with the Regulations and knows how to apply them continuously and correctly. Our team of consultants is at your disposal.
Is training only mandatory for the owner of the company or for the employees too?
Article 29 of the European GDPR states that “The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller……”. In short, we can already answer the question: training for employees is mandatory!
Supervisory body and sanctions
Controls by the Privacy Authority (the supervisory body) are already underway and sanctions have been applied sometimes of a certain entity, through the Guardia di Finanza. During the inspection, the concept of accountability is fundamental: during the control phase, the company or professional must demonstrate with logical reasoning and evidence what has been done and what has not been done, laying out the reasons for non-compliance. If the Authority deems it necessary to apply the sanction, it will be the elements collected during the inspections that ensure it can be applied in an effective, proportionate and dissuasive manner. Sanctions can amount to up to 4% of the company’s turnover.