Certification

The GDPR (General Data Protection Regulation) aims primarily to ensure the protection of individuals’ personal data by strengthening data subjects’ rights and establishing stricter obligations of data controllers and of those processing personal data on their behalf. In other words, the GDPR is designed to safeguard people’s privacy and ensure the transparent and secure use of their data.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how companies and other organizations process personal data of individuals. The GDPR has a significant impact on data privacy laws worldwide and requires compliance from any organization processing the personal data of individuals in the EU.
The regulation enhances individuals’ control and rights over their personal information and introduces the accountability of data controllers and processors. The GDPR integrates accountability as a principle (which goes beyond the Italian literal translation “responsabilizzazione”) that requires organizations to adopt proactive measures and to be able to demonstrate, when requested, both compliance with the regulation and the effectiveness of those measures. A formalist approach (e.g., obtaining consent and proceeding with data processing) is no longer sufficient, as consent is just one of several legal bases for processing. The ultimate responsibility remains with the data controller, who must ensure that individuals are protected against any data-protection-related risk arising from business activity that may affect the organization.
A key aspect of GDPR compliance is implementing appropriate safeguards based on a risk-based approach, allowing organizations to determine processing methods and limitations in accordance with the regulation’s general principles. However, data controllers are bound by specific legal principles, notably privacy by design and privacy by default, which require integrating data protection measures from the outset of any process or system.
The GDPR:
- Establishes the accountability principle for data controllers.
- Introduces higher administrative fines, varying based on the severity of violations.
- Introduces the principle of privacy by design and a risk-based security strategy, impact assessments, and specific procedures for data breach management.
- Sets stricter rules for appointing data processors and sub-processors.
- Mandates the appointment of a Data Protection Officer (DPO) in specific cases.
- Provides clearer rules on transparency, privacy notices, and consent.
- Expands the rights of data subjects, granting them greater control over their personal data.
- Establishes strict criteria for transferring personal data outside the EU.

Our Approach to GDPR
GERICO provides support to help businesses comply with the General Data Protection Regulation (GDPR) ensuring that the business processes are aligned with regulatory obligations. Our approach helps companies maintain compliance by:
- Providing consultancy to data controllers who need to comply with their obligations under the regulation, with a specific focus on maintaining the record of processing activities and the data breach register.
- Monitoring compliance with the GDPR, as well as the data protection policies of the data controller or processor, including assigning responsibilities, raising awareness, and training personnel involved in data processing and related control activities through specific audit plans.
- Offering expert guidance on Data Protection Impact Assessments (DPIAs) and overseeing the execution in accordance with Article 35 of Regulation 679/2016.
- Cooperating with the Data Protection Authority to ensure GDPR compliance.
- Acting as the privileged point of contact for the Data Protection Authority for any issues related to data processing.
- Ensuring the maintenance of a reliable register of personal data breaches affecting the company.
GERICO also offers a customized “DPO as a Service” solution with a Data Protection Officer (DPO) formally appointed to carry out all GDPR-required activities. Our extensive expertise supports company management in assessing specific compliance needs.
In addition, we can conduct a comprehensive assessment of the business’s confidential information (intellectual property, industrial secrets) to protect it, identifying potential vulnerabilities and defining risk mitigation strategies that strengthen data security and regulatory compliance.
What We Offer
Support for companies in:
- activities required by the regulation and in conducting processes in compliance with the constraints imposed by the GDPR;
- extending their Information Security Management System ISO/IEC 27001 to the new ISO 27701 with the definition of a PIMS – Privacy Information Management System in compliance with the GDPR;
- forensic analysis for the purpose of identifying any Data Breach on Personal Data in the event of an incident or cyber attack in compliance with the GDPR.

TRAINING FOR COMPANY PERSONNEL IN CHARGE OF PRIVACY ASPECTS
- Introduction to GDPR (2/4 hours)
- GDPR and Legislative Decree 101 (16 hours)
- The ISO 27701 standard practical application (16 hours)
- Online Courses via E-Learning platform:
  - Information Security Awareness (7 modules for a total of 4 hours)
  - Introduction to GDPR (1 hour)
  - Introduction to ISO/IEC 27001 (1 hour)
The courses are structured in accessible modules and feature a highly qualified instructor who illustrates the topics with easy-to-understand slides (made available to students), alternating theoretical explanations, practical examples and short videos that lighten the topics covered.