Implementation of GDPR compliance

GDPR compliance is difficult to define due to the generality of these regulations.

The method of implementation should be tailored to your business, the nature of the data and your data protection practices. Our team has a wide range of experience and a practical approach to the application of personal data protection regulations, developed over many years. This enables us to develop proposals for both organisational and technical solutions that meet the requirements of a specific activity.

  • We plan and carry out an implementation project with a detailed plan of documentation and actions to be taken by the client.
  • We do not just implement documents!
  • We provide both technical and organisational activities.
  • We do not overlook difficult aspects such as risk and impact assessment.
  • We specialise in matching the security model to the business.
  • We combine legal expertise with deep knowledge of information technology.
  • We are auditors: we know what aspects of compliance to look out for!

The GDPR introduces a completely different approach to security.

Risks to personal data should be defined, vulnerabilities identified and—on this basis—risks to the rights and freedoms of data subjects assessed. For violations of personal data protection regulations, the GDPR imposes fines of up to EUR 20,000,000 or 4% of global turnover in the last financial year.

The GDPR contains a requirement to ensure security in data processing and to prevent breaches of the rules.

It is therefore necessary to ensure the security of the personal data processed in accordance with the requirements of confidentiality, integrity and availability of such data. Protection should be provided against unauthorised access to data and to the equipment used for processing.

The choice of security measures should take into account the state of the art in IT solutions. It should also take into account the cost of their implementation. Finally, the choice of security measures should be proportionate to the risk of personal data being compromised, taking into account the above factors and the nature of the personal data to be protected.

Much of the critical information that businesses and public sector organisations use in their operations is processed in ICT systems.

Protecting this data is becoming increasingly complex and is subject to a number of regulatory requirements. This is reflected in the need for security managers to consider many legal requirements, define technical protection measures and implement appropriate configurations of equipment and security software.

The locations where information is processed and stored should be identified, and the risks and potential threats defined, in order to best tailor the protection measures.