GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue based. The General Data Protection Regulation covers all companies that deal with the data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.

KEY PROVISIONS OF GDPR
  • Impacts any company regardless of location;
  • Greater data processor obligations/accountability;
  • Data minimization;
  • Explicit freely given consent – not implied or forced;
  • Data breach notification obligations – 72 hours;
  • Privacy by Design-Embed protection around personal data in systems and organization design;
  • Documentation – clear and transparent policies and procedures;
  • Use of Privacy Impact Assessments (PIAs);
  • Appointment of Data Privacy Officer (DPO) – internal or external;
  • Impacts transfers within groups of companies;
  • Right to be Forgotten/Right of Erasure on customer request.
GDPR REQUIREMENTS

DATA PROTECTION OFFICER: Need to appoint as part of the governance process.

PRIVACY RISK ASSESSMENT: Identification and assessment of privacy related risks to be performed to ensure any risk of personal discrimination, identity theft or fraud, financial loss and reputational damage is mitigated. Includes children’s data as well.

DATA PROTECTION ASSESSMENT: For certain sensitive data, an assessment of the impact on the personal aspects of data must be performed.

DATA PROTECTION BY DESIGN: Collect, process and store data that is only required for business purposes. Disclose this information upon consent to protect the rights of data subjects.

DATA TRAINING: Employees must be trained on and be aware of data privacy, protection and security policies and processes.

DATA TRANSFER AND INFORMATION SECURITY: Document the strategy for the movement of data across international borders. Ensure Information Security controls are effectively designed and are operating as specified.

DOCUMENTED DATA FLOWS: Required to document the lifecycle of personal data including the transfer to business partners and other countries to meet the obligations of GDPR.

DATA POLICIES, TRANSPARENCY AND STORAGE: Transparency across the functions including the processing and personal data protection policies will need to be documented and communicated. Document and disclose data archiving and storage policies.

GDPR CHALLENGES

DATA MANAGEMENT
Data dictionary, accessibility, timing & accuracy
Data flows and transfer process

DATA STRATEGY
IM Security, cultural change, implementation
Data Protection Officer & Data Policies

DATA PRIVACY
Access control
Data masking (Pseudonymisation)
Right to forget

DATA BREACH
Accidental breach, cyber attack
Third party compliance

DATA ACCESS REQUESTS
Data storage
Volume and transfer

NEW TECHNOLOGIES
Distributed ledgers (Blockchain)
Artificial Intelligence

GDPR APPROACH

LDP develops trusted, integrated partnerships with each of its clients. We leverage our experience to develop solutions that create value and achieve compliance through positive returns.

We combine experience, process and strategy to create and implement a custom-tailored solution designed to fit the goals of your business. Most importantly we ensure business users are trained on the policies and adopt the new ways of working effectively.

About us

LA NAIA, DI ORONZO & PARTNERS is a tax & law firm established in 1993 offering a full range of professional services for multinational companies doing business in Italy. These services include company formation in Italy, accounting system setting up, bookkeeping, tax and vat compliance financial reporting packs (IFRS, US GAAP, Italian GAAP), preparation of employment contracts, payroll management, transfer pricing documentation, corporate finance, legal advice, audit, immigration. and more. Our services allow our clients to focus on developing their businesses in Italy saving time and money. Our One-point-of-Contact business model effectively and efficiently matches your requirements with tailor-made solutions, saving you valuable time and resources. LDP will support you every step of the way in doing business in Italy.

International network