Data protection impact assessment

Pursuant to art. 35 of the GDPR, we offer our Client support in all risk analysis evaluations required by GDPR for those processing activities which, due to their purpose, nature and context, and in relation to the business area where the Client operates, may potentially pose a risk for the rights and freedoms of the data subjects involved. 

In this context, we offer our Data Protection Impact Assessment services (i.e. DPIA), which include:

  • Preliminary opinion on the necessity to carry out a DPIA, after a technical and legal analysis of the processing operations, in light of the legislative requirements (both national and European) and considering the nature of the Client’s activities and any applicable sectorial legislation;
  • After establishing the necessity or the opportunity to carry out a DPIA, analysis of the corporate processes and of all the personal data flows in the relevant area, from a technical and legal standpoint;
  • Assessment of the necessity and the proportionality of the processing, in relation to the purposes to achieve, together with an evaluation of the risks for the rights and freedoms of the individuals;
  • Identification of all the required document to be drafted, pursuant to the applicable data protection laws and to the specific sectorial law (e.g. privacy notice, procedures, consent forms, specific modalities for collection of consents etc.);
  • Definition of operating procedure for designing data flaws in a privacy compliant manner;
  • Definition of organizational processes, adequate security procedures and appropriate mechanisms to ensure protection of personal data and full compliance with the GDPR and with the specific sectorial laws;
  • Where necessary, support in involving and/or collecting the opinions of the data subjects (or their representatives);
  • Where necessary, assistance in prior consultation to the Supervisory Authority, pursuant to art. 36 of the GDPR, and where the residual risk, after analysis and adoption of security measures, remains high.

Thanks to a wide experience in the field, together with constant updates and attentions to news and novelties in the legal and technological framework, we offer our Clients a complete and precise service, with a dynamic and innovative approach which goes beyond the mere analysis of the privacy risks connected to a single operation (usually offered by most tools available on the market). Our analysis in fact, also considers and analyzes the potential implications on the individual rights of the data subjects, including, by way of example, the right to self-determination, the right to image, to reputation, the right to health and to integrity. 

Out DPIA services are offered by a cross disciplinary team of experts in different areas, including legal and information security, through which we can assist our Clients in adopting adequate security measures, ensuring full compliance with data protection laws.