Privacy Compliance (GDPR)

In 2016 De Luca & Partners created the Privacy and Data Protection Department. The team, led by the Firm’s Managing Partner, Vittorio De Luca and by Martina De Angeli, Associate – Practice Leader Compliance/GDPR/H&S/231 of the Firm, offers assistance and advice on Privacy and Data Protection matters, supporting Italian and foreign clients in all related ordinary and interim disputes before the ordinary courts and before the competent Regulatory authorities.

De Luca & Partners law firm Milan

In particular, the Firm, with its consolidated experience in employment law, has over the years thoroughly investigated the issues and impact of data protection legislation, providing comprehensive and integrated GDPR advice to Client companies so that they can continue their business activities and, at the same time, comply with the GDPR.

De Luca & Partners’ professionals have in-depth knowledge of legislation and practice and assist their Clients on a daily basis in the management of projects to adapt to the obligations required by sector legislation.

Expert lawyers in GDPR consultancy and personal data protection

The Department offers operational support through:

• mapping of collected data, of the processing carried out, of the purposes of processing and of the parties and entities involved through gap analysis;
• carrying out the Risk Analysis and Data Protection Impact Assessment (DPIA);
• attribution of certain roles and responsibilities in order to structure an internal privacy organisational chart;
• revision, supplementation and drafting of regulations (by way of example regulation on the correct use of work tools), policies and internal procedures containing organisational measures that guarantee adequate protection of personal data (e.g. the procedure for the correct management of requests by data subjects to exercise their rights);
• drafting of the Controller’s Records of Processing Activities;
• preparation or adapting of documentation: by way of example, information notices, forms for obtaining consent, appointments of authorised subjects and related instructions, appointments of external processors, website policies;
• implementation of internal control mechanisms that make it possible to verify the actual application of the implemented measures;
• implementation of the procedure governing any Data Breaches, drafting of the related forms as well as support and assistance in the management of any obligations connected to the breach;
• support and assistance in the event of inspections carried out by the supervisory authorities;
• assistance in proceedings before the supervisory Authority.

Our professionals are qualified to cover the role of Data Protection Officer (DPO).

In particular, the DPO:

• provides information and advice to the controller and employees regarding the obligations deriving from sector legislation;
• monitors compliance with the relevant legislation;
• assists in carrying out the Data Protection Impact Assessment (DPIA);
• cooperates with the Supervisory Authority;
• acts as a contact point for the Supervisory Authority and the data subjects;
• assists in the constant monitoring of the risks of the proceedings in the performance of all the tasks performed.

The Team also supports its Clients in:

• training and updating of company management and employees;
• preparation of the necessary training material;
• organisation of specific training workshops.

Furthermore, the Firm works closely with several business law firms, private equity firms and investment funds, typically in the management of GDPR Compliance and Data Protection aspects in M&A operations.

In providing its services, De Luca & Partners always adopts a tailor-made approach, seeking the best solution in relation to its Clients’ needs and explaining the rules for correct compliance in a simple and clear way.