The new Data Protection Law (LPD) has been in force since September 1, 2023.
All Organizations (be they a company, a professional, an association, a public body) must adapt to the new regulatory requirements. The adaptation project involves new data security measures, internal reorganization, assignment of new tasks and responsibilities, awareness and training of personnel in data security, control activities in operational processes and more.
The “LPD/GDPR GAP-Analysis” service consists of evaluating the appropriateness of the current business system for managing privacy and protecting personal data.
We first proceed with the analysis of business processes/services and suppliers, in order to identify, analyze and “map” the personal data processed, the methods of processing, the systems and technologies that store, process, transmit personal data. The current organizational/technological measures and controls for the secure processing of personal data are then analyzed (security of the IT environment and devices; management of access to computer systems; security of networks, data exchanges and communications; security in the use and movement of IT tools and data storage media; etc.).
In conclusion, the level of appropriateness of the current corporate privacy management and personal data protection system is evaluated with respect to best practices and reference standards (ISO, NIST, etc.) and to the requirements expected by regulations (LPD - GDPR), and suggestions are given to cover the “gaps” present.
This service makes it possible to assess the level of damage that could be suffered by the people to whom the personal data belong if events occur that impact data security, i.e. that cause a loss of confidentiality, integrity and availability of the personal data processed by the Organization.
This is followed by an analysis of the probability of occurrence of such personal data compromise events and then by an assessment of the levels of personal data security risk that the Organization must manage. For excessively high risks, suggestions are given to counteract and reduce them.
This service consists of identifying the plan of adjustment interventions necessary to achieve full regulatory compliance with the LPD/GDPR and an adequate level of security of the personal data processed and, therefore, of supporting the Organization in carrying out the interventions of the “Remediation Plan”.
The interventions include, by way of non-exhaustive example, the preparation of: information, privacy policy, cookie policy, declarations of consent, contracts for entrusting the data controller, appointments of an authorized person, Non-Disclosure Agreement, Binding Corporate Rules, Privacy Manual, policies and operating procedures for regulatory compliance and data security.
The “Privacy Consultant” service gives the Organization's Management a trusted SECURITY LAB ADVISORY Consultant at their disposal, whom they can ask, when necessary and based on the specific needs of the Customer, for competent support in the field of privacy management, personal data protection and compliance with the LPD/GDPR.
To perform the function of “Data Protection Officer” provided for by European Regulation 2016/679 (“GDPR”) and, similarly, of “Data Protection Consultant” provided for by the new LPD, SECURITY LAB ADVISORY SAGL provides a team of experts coordinated by a reference employee/consultant. Among the tasks assigned to the figure of the DPO we remember that of:
Thanks to its team of experts, SECURITY LAB ADVISORY is able to provide training on privacy and personal data protection (LPD/GDPR) both in person and through online webinars or e-learning courses, depending on the Organization's needs. If you are interested, take a look at our offer.