With the entry into force of the GDPR (EU Regulation 2016/769), applicable from 25 May 2018, common rules have been introduced for all European companies, professionals and public bodies, which are required to correctly implement their protection system of Personal Data in order to protect, in addition to the rights of the data subjects, also the reputation of companies on the market, through a risk based approach and on the assumption of the need to document and demonstrate the choices taking into account the state of the art, costs, the nature, scope and context of the data processings.
In this specific area, the GTA Law Firm assists companies, including multinationals, public and/or publicly owned entities, as well as professionals:
a) in the phase of verifying compliance with regulations, by planning specific audits;
b) when updating the Model for the Protection of Personal Data, in relation to regulatory changes, changes in company activity or in case of situations that need to be assessed to maintain the effectiveness of the Model over time;
c) during the implementation of the Data Protection Model;
d) in training the recipients of the GDPR, according to customized projects defined with each single company;
e) during the identification of processings that present a high risk for the rights and freedoms of data subjects, as well as in the activity of the data protection impact assessment (DPIA;
f) in the pathological phase, assisting companies in investigative activities carried out by the Guarantor Authority for the protection of personal data, or, on its behalf, by the Guardia di Finanza (italian financial supervisory Authority), and in the management of proceedings before the Guarantor Authority or other competent Courts;
g) for companies affected by the related obligation pursuant to the GDPR, with certified competences of Data Protection Officer.
The Law Firm boasts and maintains relationships with leading law firms around the world specialized in Data Protection, making use of their collaboration also in order to assess the compliance of the processings carried out by client companies, in addition to the GDPR and the Italian legislation, also to the foreign regulation from time to time concerned.
The Firm also deals with analyzing the flows of Personal Data within complex and structured corporate realities as well as entrepreneurial Groups with Parent Company also located in countries outside the EU/EEA area (e.g. China, Mexico), identifying the better solutions for client companies and dealing with the definition of General Agreements on Data Protection, as well as, with specific reference to the transfer of Data to third countries, with the assistance and consultancy in the process of drafting and approving binding corporate rules (BCR) and/or in the adaptation of standard contractual clauses.