We assist our Clients in defining and regulating the contractual relationship with strategic providers, entrusted with processing activities of personal data, especially in those business areas which are subjected to specific sectorial laws on externalizations (e.g. pharmaceutical sector).
With regard to this area, our services include:
- Preliminary evaluation of the general overall level of compliance of the provider, where there are specific legislative requirements which the provider has guaranteed upon;
- Assistance in drafting and reviewing service agreements, in all aspects which may have implication on the protection of personal data;
- Assistance in defining privacy roles and responsibilities with the service providers by drafting, where necessary, ad hoc appointments as Data Processor, pursuant to art. 28 GDPR, customized on the Client’s needs and on the characteristics of the specific service offered by the provider;
- Legal and technical verification of the adoption, by the provider, of adequate technical and organizational measures to ensure security and integrity of personal data processed on behalf of the Client.
Our services are specifically customized to the Client’s necessities, end include both a preliminary verification during the selection of an outsourcer and a subsequent control of the compliance level of the chosen provider for a specific service or activity.
Analysis and drafting of documents are carried out by cross disciplinary teams, including legal, technological, IT experts and professionals.