Assessment & Report activities – Gap Analysis
Assistance in the diagnostic and breach reporting phase
Support to the compilation of the Data Breach Record
Support in the event of notification to the Data Protection Authority
Support in the event of communication to the data subjects
Legal and tech assistance for the adoption of the remedial measures
The GDPR gave a new dimension to the Data Breach phenomenon.
It’s not a mere IT issue anymore (as often is still represented in the common imaginary) but a more wide issue that finds is focus in a single common factor: the human being.
The Human Factor is at the core of the Data Breach definition provided by GDPR “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
When one or more breaches occur, GDPR requires that the Data Controller and the Data Processor take certain actions, in the omission of which can result in the issuing of significant sanctions, up to considerably big thresholds, by now well known by all the organizations.
Our Legal Firm assists Controllers and Processors in every assessment that privacy law request them to perform when a data breach occurs.
Discover the advanced support project that the Firms is offering for the management of data breaches, designed by joining high-level IT skills and legal ones to assist Controllers and Processors: the Data Breach Task Force.
Data Breach Task Force
In the first and a half year of GDPR application the Italian Authority received more than 2000 notifications of personal data breaches.
For our perception of a “battlefield”, this is a modest number still.
However, it is a trend destined to grow as quickly as procedures, controls and organizations will be familiarized with the data protection field.
For this reason Orlandi&Partners Studio Legale formed an innovative legal-tech task force that is activated within 24h from the Client’s request, in the light of a data breach that the latter suffered and that provides, in real time – or in any case in a granted time:
– data breach analysis (criticalities/risk/high risk)
– assessment of the necessity to notify the Data Protection Authority and to communicate to the data subjects
– support to the notification/communication drafting
– assessment of the measures already in place and to be adopted;
– quotation of the measures to be adopted (if requested);