GDPR: assessment and compliance
Regulation (EU) 2016/679 (GDPR) and new Legislative Decree No. 196/2003:
The privacy assessment and privacy "up to standard" phases
- Privacy chart
- Information to be provided to the data subject (the so-called "Privacy policy")
- Designations (contracts or other acts adequate to formally appoint the Data Processors)
- Authorizations to process data, addressed to employees or other authorised individuals acting under the authority of the Data Controller or Data Processor
- Records of processing activities
- Personal Data Breach Records
- Instructions adequate for all the subjects involved in the processing of personal data
- RAEE Policy
- Procedure for responding to Data Subjects' requests
- Data Breach management procedure
- Data retention policy
- Technical Policy on the use of IT equipment
- Check on the adequacy of the physical, logical and organizational measures adopted
- Data Protection Impact Assessment (DPIA)
- Vulnerability Assessment (standalone module)
- Other necessary documents relating to Data Protection Authority regulatory measures (e.g. management of video-surveillance, GPS, Administrators of Systems, etc.)
Since 25 May 2018, the acronym GDPR has come to mean something more than a few letters.
The main purpose of the Regulation is not only to harmonise the application of data protection, already exceptionally technical and complex, but also to achieve a profound revolution in the culture of security in processing personal data and in ensuring their correct circulation.
The central activity that every undertaking, legal entity, public body and other organization must perform in order to be privacy compliant is a substantial process of analysis and bringing into conformity, which we can divide into at least three essential phases.
Up to standard: consisting of regularization in documentary, organizational and security terms.
Instructions and Procedures
Implementation and adaptation of the security measures