The new Data Protection Law (LPD) has been in force since 1 September 2023.
All Organizations (whether they are a company, a professional, an association or a public body) must adapt to the new regulatory requirements: new data security measures, internal reorganisation, assignment of new tasks and responsibilities, awareness and training of personnel on data security, control activities in operational processes and more.
The 'LPD / GDPR Gap-analysis' service consists of assessing the adequacy of the company's current privacy and data protection management system.
We first analyse the company's processes/services and suppliers, in order to identify, analyse and 'map' the personal data processed, the processing methods, and the systems and technologies that store, process and transmit personal data. The current organisational/technological measures and controls for the secure processing of personal data are then analysed (security of the IT environment and devices; management of access to IT systems; security of networks, data exchanges and communications; security in the use and handling of IT tools and data storage media; etc.).
In conclusion, the level of adequacy of the current corporate system of privacy management and personal data protection is assessed with respect to best practices and reference standards (ISO, NIST, etc.) and to the requirements expected from the regulations (LPD - GDPR), and suggestions are given to cover the present 'gaps'.
This service makes it possible to assess the level of damage that could be suffered by the persons to whom the personal data belong, in the event of incidents that impact data security, i.e. that cause a loss of confidentiality, integrity, or availability of the personal data processed by the Organisation.
This is followed by an analysis of the probability of occurrence of such personal data compromise events, and then an assessment of the personal data security risk levels that the organisation must manage. With regard to excessively high risks, suggestions are given to counteract and reduce them.
This service consists in identifying the plan of remediation interventions necessary to achieve full regulatory compliance with the LPD / GDPR and an adequate level of security of the personal data processed and, therefore, in supporting the Organisation in the implementation of the interventions of the 'Remediation Plan'.
The interventions include, but are not limited to, the preparation of: disclosures, privacy policy, cookie policy, consent statements, contracts of entrustment to the data controller, appointments of authorised persons, Non-Disclosure Agreement, Binding Corporate Rules, Privacy Manual, policies and operating procedures for regulatory compliance and data security.
The "Privacy Consultant" service foresees the possibility for the Organisation's Management to have a trusted Consultant from SECURITY LAB ADVISORY at their disposal, to whom they can ask, when necessary and according to the Client's specific needs, for expert support on privacy management, personal data protection and LPD / GDPR compliance.
"In order to perform the function of "Data Protection Officer" envisaged by the European Regulation 2016/679 ("GDPR") and, similarly, of "Data Protection Advisor" envisaged by the new LPD, SECURITY LAB ADVISORY SAGL provides a team of experts coordinated by an employee/consultant. The tasks assigned to the DPO include
Thanks to its team of experts, SECURITY LAB ADVISORY is able to provide privacy and data protection training (LPD / GDPR) either in presence or through online webinars or e-learning courses, depending on the organisation's needs. If you are interested, take a look at our offer.