Law in the world of cyber security and data protection
Cyber Security is an increasingly topical issue in the world of law: we deal with Cyber Security and Data Protection both in a preventive manner and in the assistance phase following a Data Breach event.
Preventive Cyber Security Activities
Our dedicated team handles the analysis, verification, and drafting of Risk Management Plans and Incident Response Plans.
Here are the main activities in which we specialise:
- Development and legal implementation of a cyber security model and information security management systems (ISMS, ISO 27001)
- Internal audits of the information security management system
- Legal compliance and assistance in the certification of services, products, and business processes, and in the preparation and participation in tenders for the purchase of products or services in the field of Cyber Security
- Due diligence on the state of information security of our customers and diagnosis of criticalities in the system for the planning and management of the necessary implementation measures (Vulnerability Assessment – Penetration Test – Data auditor software monitoring)
Crisis assistance for Data Breach
The other area we deal with in the field of Cyber Security is Data Breach First Aid, i.e., an intervention to manage the crisis caused by a computer violation.
This intervention takes the form of a series of activities:
- Analysis of the data breach and categorisation by criticality and degree of risk
- Assessment of the need to notify the Privacy Guarantor (GPDP) and the parties concerned
- Support in defining and drafting the notification
- Evaluation of measures adopted and to be adopted
Our team of specialists offers consultancy aimed at adapting the company’s privacy system to EU Reg. 2016/679, supporting the company organisation in researching and adopting timely data protection strategies that ensure adequate Accountability while avoiding the imposition of administrative and criminal sanctions.
The consulting activity on privacy, in implementation of the principles of privacy by design and by default, includes:
- Analysis and verification of the compliance of the privacy system with Legislative Decree 196/03, of the state of compliance with EU Reg. 2016/679, and with the applicable provisions of the Supervisory Authority
- Analysis of the work organisation, of the related processes and procedures adopted, and of the related data flows
- Analysis and assessment of data risks: identification of any criticalities or wrong practices and identification of preventive and/or corrective actions according to the company’s specific features
- Updating, amendment, and integration of the information processes involved in the processing of personal data
- Support for document adaptation, including the adoption and revision of company policies
- Training of persons in charge of data processing
- Maintenance, with audits aimed at providing evidence of the constant verification of compliance of the processing operations carried out by the Data Controller and adaptation to new regulations applicable to the organisation
- Assistance and representation before judicial and administrative authorities (Data Protection Authority)
- External appointment of a Data Protection Officer (DPO)
- Integration of the privacy management system with other corporate systems