European Regulation 2016/679 lays down numerous formal and substantive requirements concerning data processing and data protection. 

RSM Legal Italia advises companies on Privacy and Data Protection matters, assisting them in carrying out all the obligations required by the legislation. 

Our team combines in-depth knowledge in the field of Data Protection with the ability to carry out multidisciplinary analysis of individual cases.

The assistance offered covers the analysis of all issues relating to personal data protection, also in view of their possible implications for other disciplines, such as labour law, company law, consumer law and compliance in general (including Legislative Decree 231/2001).

We guide our clients, especially subsidiaries of non-European groups, on an ongoing journey towards regulatory compliance in privacy and data protection, e.g. by developing an internal privacy organisation chart, drafting and revising company documentation, and drafting data processing agreements and co-ownership agreements.

In addition, our team will assess the legitimacy of data processing so as to protect the interests of data controllers in proceedings involving the use of data, also providing assistance in the event of proceedings before the Data Protection Authority and the judicial authorities.


Our services: 

  • Risk analysis and assessment of the adequacy of the adopted measures 
  • Risk and process mapping
  • Identification of areas and risk factors 
  • Data Protection Impact Assessment (DPIA) 
  • Preparation of notices 
  • Preparation of appointments of authorised and responsible persons 
  • Preparation of policies/procedures/protocols (e.g. data breach, data subject request, etc.)
  • Preparation of register of incidents and stakeholder requests 
  • Preparation of treatment register 
  • Advice on drafting the security measures summary document 
  • Delivery of training (in person or remotely) on the principles of the GDPR, the correct implementation of the model and policies/procedures/protocols 
  • Data Protection Officer (DPO) pursuant to EU Reg. 679/2016