GDPR and Data Privacy


In view of the 25th May 2018 deadline, the firm can guarantee its clients the best legal assistance for becoming compliant with the law. We've set up a special team dedicated to providing our clients with assistance in drafting their data privacy procedures.  

The new EU regulation on data protection is already in force.

This law will not take effect until 25th May 2018. However, companies must already consider how the new regulation will affect their businesses and begin to prepare themselves for the May deadline.


The GDPR places great emphasis on the documentation that owners must keep on file in order to demonstrate compliance with the law. Companies will need to be very clear and transparent regarding the data that they hold and process, how they process it, as well as the legal basis for the data processing being carried out. The rules are changing and the consequences of errors will undoubtedly be significant. In particular, the regulation has radically increased the sanctions: up to 4% of the annual worldwide turnover or €20,000.00 (the greater of the two amounts) for the most serious breaches and a pan-European approach for the application of the regulations and the management of complaints.

For the majority of companies, the first step that must be taken will be a data privacy audit which will provide an understanding of the What, Why and How of the data processing currently being carried out. Having done this, it will be possible to schedule the necessary steps in order to be ready for the May 2018 deadline. Some of the questions that should be asked by companies include: What personal data is being processed? How is it being processed? Why? Or better, for what reason? What is communicated to the data controllers and data processors? How about to the individuals who provide the data? What are the internal rules and procedures already implemented in the company?

Toffoletto De Luca Tamajo has developed a service for assisting companies to achieve real results quickly and efficiently.


Once the conformity of the data processed by your company has been analysed, we will provide suitable recommendations. The audit will be made to measure for your organisation in order to obtain the maximum advantage in the most direct way. The following aspects will be considered:

  • If there are appropriate policies and procedures already in place and the changes that must necessarily be made;
  • The categories of data being processed and the legal basis for such processing;
  • If it is necessary to analyse the impact on privacy for specific “high risk” market sectors;
  • Who are the appointed individuals and what changes will be necessary in order to comply with the new regulation;
  • Understanding of the responsibilities and training;
  • How the organisation deals with the rights of the individuals concerned in relation to the access, modification or cancellation of the data;
  • Assessment of the records on the accuracy of the data processing and storage;
  • Drafting of the procedures in the event of a data breach; 
  • Assessment of the technical aspects and the organisational model for guaranteeing adequate data protection;
  • The transfer of data abroad (where applicable);
  • The data transfer model for the transfer of data to third parties.

We can therefore help your company to assess the situation at hand, fill in any gaps, as well as implement the necessary tactics so as to be compliant with the GDPR requirements.


The service is provided on a fixed fee basis which will be agreed upon in advance and will depend on a number of variable factors, for example the interviews to be carried out, the number of operational sites, the size of the organisation, the complexity of the processed data and the procedures already in place.


For further information, please contact Paola Pucci (Firm partner, DPO and head of the firm's Data Privacy team).

Paola Pucci
