GDPR, Privacy & Data Protection

Businesses work in a complex, ever-evolving environment.
Our legal services team will guide and advise, to help you navigate it

European Regulation 2016/679 lays down numerous formal and substantive requirements concerning data processing and data protection.

RSM Legal Italia advises companies on Privacy and Data Protection matters, assisting them in carrying out all the obligations required by the legislation.

Our team combines in-depth knowledge in the field of Data Protection with the ability to assess multidisciplinary analysis of individual cases.

The assistance offered covers the analysis of all issues relating to personal data protection, also in view of their possible implications on other disciplines, such as labour law, company law, consumer law and compliance in general (including Legislative Decree 231/2001).

We guide our clients, especially subsidiaries of non-European groups, on an ongoing journey towards regulatory compliance in privacy and data protection, e.g. by developing an internal privacy organisation chart, drafting and revising company documentation, drafting of data processing agreements and co-ownership agreements.

In addition, our team will assess the legitimacy of data processing so as to protect the interests of data controllers in proceedings involving the use of data, also providing assistance in the event of proceedings before the Data Protection Authority and the judicial authorities.

Our services:

Risk analysis and assessment of the adequacy of the adopted measures
Risks and processes mapping
Identification of areas and risk factors
Data Protection Impact Assessment (DPIA)
Preparation of notices
Preparation of appointments of authorised and responsible persons
Preparation of policies/procedures/protocols (e.g. data breach, data subject request; etc.)
Preparation of register of incidents and stakeholder requests
Preparation of treatment register
Advice on drafting the security measures summary document
Delivery of training (in person or remotely) on the principles of the GDPR, the correct implementation of the model and policies/procedures/protocols
Data Protection Officer (DPO) pursuant to EU Reg. 679/2016