General Data Protection Regulation (GDPR)
GDPR, the General Regulation on the protection of personal data EU 2016/679, is the new European legislation, directly applicable in all Member States from 25 May 2018, which aims to harmonize the protection of the fundamental rights and freedoms of natural persons with respect to data processing activities and to ensure the free circulation of personal data.
By strengthening the legal framework on data protection, the above-mentioned regulation intends to increase consumer confidence in new technologies, thus enabling a better development of the digital economy.
The protection provided by the regulation applies to natural persons, regardless of nationality or place of residence, in relation to the processing of their personal data.
Proconsul Group, a supporter of Federprivacy, relies on certified professionals who, in agreement and full collaboration with the customer’s structure, will always guarantee the highest standards required in this area, providing specific advice for compliance with the GDPR.
Documentary adjustment
In application of Regulation (EU) 2016/679, it is essential that every organization that processes personal data undertakes an adaptation path. Proconsul Group is able to support the customer in the different stages of this path:
- defining the data processing put in place by the organization (purposes, interested parties, categories of personal data being processed);
- defining the privacy organization chart and arranging the drafting of the relevant letters of appointment / contracts;
- preparing the information and acquiring the consent of the interested parties, if necessary;
- proceeding with the analysis of the risks related to the processing activities and identifying the appropriate security measures to limit the identified risks;
- evaluating the obligation / opportunity to designate a Personal Data Protection Officer (DPO) and to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data;
- verifying the compliance with specific provisions of the Guarantor (including system administrator, use of cookies, video surveillance);
- raising awareness and training those involved in the processing of personal data (authorized persons).
Computer systems security analysis
Regulation (EU) 2016/679 makes the link between the protection of personal data and the security of IT systems even more evident. Companies must, therefore, adopt suitable conduct in order to counter IT risks.
Each organization, in accordance with the accountability principle, a real cornerstone of the GDPR, should therefore proceed with the analysis of its systems, including through Vulnerability Assessment and Penetration Test activities, for which Proconsul Group makes available the resources and skills of its IT Security division.
Other services for the GDPR
In collaboration with the other business units present in the company, specialized in IT security, Proconsul Group is also able to offer further services regarding the Privacy / GDPR theme:
- specific training:
  - mandatory, necessary and representing the first security measure with regard to data processing operations;
- designing of data processing processes: privacy by default and design;
- accountability principle:
  - reporting on the activities carried out by the Data Controller aimed at demonstrating, in a positive and proactive way, that the methods chosen to perform the data processing operations are adequate and compliant with the law.