Regarding the protection of personal data, the primary regulatory references are EU Regulation 2016/679 (GDPR) and, for Italy, the Privacy Code (Legislative Decree 196/2003 as amended by Legislative Decree 101/2018).
Also to be considered:
- the Decisions of the European Commission (adequacy decisions and decisions on standard contractual clauses - SCC);
- Charter of Fundamental Rights of the European Union;
- Treaty on the Functioning of the European Union (TFEU);
- Directive 2002/58/EC;
- European Convention on Human Rights (ECHR);
- Measures issued by Supervisory Authorities;
- documents (Guidelines, Opinions, Decisions, and other output) issued by the European Data Protection Board (EDPB);
- some technical standards (by way of example, ISO 27001).
Therefore, in summary, we must distinguish two main areas of activity:
- consultancy;
- the role of Data Protection Officer (DPO).
Regarding consultancy, our Law Firm carries out the professional activities summarized below:
- training on the subject of personal data protection and privacy;
- drafting of the documents required by the regulations in force, including:
  - appointments to authorized persons;
  - contracts with the data controller;
  - contracts between joint controllers;
  - records of processing activities;
  - standard contractual clauses in case of relationships with third countries;
- updating of any documents already prepared;
- support in responding to requests from data subjects, also for the exercise of their rights;
- support for the drafting of the Data Protection Impact Assessment (DPIA);
- support for data breaches;
- advice on specific data protection issues;
- representation and assistance before the Supervisory Authorities;
- representation and assistance before Italian and European Courts.
Nicola Fabiano plays the role of Data Protection Officer, according to the provisions of Articles 37 to 39 of the GDPR.