Data Protection Regulation (GDPR)

We support companies to continually improve their performance through the process of compliance to the new General Data Protection Regulation, definitively approved by European Parliament on April 14, 2016.


We have always worked in an international context, supporting companies doing all necessary activities to enforce all the innovations and regulatory changes imposed by General Regulation concerning data protection field as:

  • principles of “privacy by design” and “privacy by default”;
  • preparation of Activity Log;
  • Impacts analysis
  • Data Protection Officer (DPO);
  • adoption of appropriate security measures;
  • obligation to notify in the case of a personal data breach;
  • new rights of stakeholder's management;;
  • major responsibilities of Data processors;
  • drafting of new information notice for personal data processing. .

Our team can provide any kind of consulting activity, regulatory and technical, with the necessary expertise acquired in years of national and international consulting related to all regulatory requirements provided by GDPR in order to reach the company’s compliance, by the implementation of an effective Governance system of “Data Protection”, efficient and integrated with other management systems and regulations already operated in the company. Getsolution is a part of:


  • Working group UNINFO/UNI ANPR “Professional profiles related to Privacy”, to which is also participating the Italian Data Protection Authority
  • Working Group “Technology and techniques for Privacy protection and personal data“, in which is also involved the Italian Data Protection Authority
Total Lockdown
Regulatory Announcements

Data Protection Officer

The Data Protection Officer (D.P.O) is a new professional identified by General Data Protection Regulation who provide consulting activity to company on data protection and constantly verify compliance with the legislation.


A DPO must have specific and proven expertise in the personal data protection field, must be independent and report to the the board, guaranteeing the absence of conflicts of interest.

According to GDPR the DPO could be an external entity that operates through a service contract.

Getsolution performs for companies the role of “Data Protection Officer” in accordance with its relevant expertise in the Data Protection field, gained both nationally and internationally as well.

As Data Protection Officer we will provide both implementation of obligations provided by General Data Protection Regulation and we will supervise personal data protection compliance within the company, as well as to constantly improve “Governance on Data Protection” system until it will reach the maximum of effectiveness and efficiency, integrating with existing management systems or with other rules that the company must respect.

Acting as “Data Protection Officer” we will be responsible for representing the customer company in front of Control Authority as well as for data subjects of the data processing activities, bringing concrete and irrefutable evidence of the correct and complete implementation of the procedures required by GDPR.

A Data Protection Officer has great responsibilities, that we are widely proud, providing “added value” to companies, so as to be recognized in the company as a figure who does not only manage the compliance to GDPR, but he also proving an extensive experience on related issues.

We can count on professional figures in our staff qualified to perform the role of Data Protection Officer certified according to the UNI 11697:2017 standard.

GDPR and Big Data

Even if Big Data is a trend topic, the most are afraid of their “distorted” potentialities, but this is a big challenge that everyone must undertake with the aim to guarantee our personal data protection.


We rise to the challenge with enthusiasm and proficiency. Our know-how in the fields of “Data Protection”, DMP (Data Management Platform), Digital Marketing, Targeting, Marketing, Cookies, Fingerprint, Anonymization, is the key to support our clients creating, implementing, managing related to BIG DATA to develop their business, in compliance with actual Data Protection Regulation.

Our company works on the international stage and it is involved in complex Data Protection and BIG DATA items, aimed by the pursuit of customized marketing solutions, a technically reachable goal but with a lot of implications on Data Protection, requiring an expert, detailed, constant, specific, and complete approach of the GDPR.

Government Measures

D. Lgs. 231/01

Rules of administrative liability for legal entities, companies and associations without legal status

We assist companies in complying with the provisions of Italian Legislative Decree 231/01, entitled “Rules of Administrative Liability for legal entities, companies and associations without legal status”.


Italian Legislative Decree 231/01 requires companies to show the implementation of a Corporate Organizational Model aimed at preventing the occurrence of such crimes.

The operational steps that lead to the drafting of the Organizational Model, and therefore represent the contents of the same, are the following:

  • The identification of the activities in which such crimes can be committed
  • Risk analysis concerning crimes
  • The definition of checks to be put in place in order to prevent the occurrence of such crimes.
  • The drafting of a company code of ethics
  • The constitution of a supervisory body and the definition of its relative responsibilities
  • The determination of obligations in terms of reporting to the supervisory body
  • The establishment of a disciplinary system for sanctioning any non-compliance with the measures indicated in the organizational models
  • The scheduling and implementation of training

We also deal with:

  • Collaboration with the Supervisory Body, assisting the client with all matters in which the Supervisory Body is involved.
  • The organization of the training courses required by law for all employees, including senior management, according to two methods.

    Sarbanes Oxley Act

    “Public company accounting reform and investor protection act of 2002”

    The Sarbanes Oxley Act, which was introduced in the U.S. in 2002, requires companies listed on the NYSE and NASDAQ (including those of the EU), as well as their subsidiaries, to establish a structured and continuous process for the implementation and evaluation of the effectiveness of internal controls aimed at preventing the following crimes:

    • Fraudulent financial reporting
    • Misappropriation of assets
    • Expenditures and liabilities incureed for improprer or illegal purposes
    • Fraudulently obtained revenue and assets and/or avoidance of costs and expenses

    We assist the aforementioned companies, operating within both the Finance and IT sectors, in complying with legislative requirements imposed by Sarbanes Oxley Act (SOX) through the implementation of the C.O.S.O. model (Committee of Sponsoring Organizations of the Treadway Commission), namely:

    • Risk Analysis: the identification of the areas at risk and the possible ways in which the aforementioned crimes may occur, including an assessment of the level of each risk identified.
    • Risk Management: The identification of the Financial and IT controls to be carried out in the aforementioned areas in order to prevent the onset of the risks established by the Risk Analysis
    • The redefinition of the processes analysed, with the introduction of the controls defined by the Risk Management activities
    • The performance of periodic internal audits, the objective of which is to verify the correct implementation of the controls and their effectiveness in the prevention of crimes.
    • Support with regard to the relations between the company’s headquarters and its various international sites
    • Support in relation to the internal audits organized by the company’s headquarters
    • Support in relation to third-party audits
    • Maintenance and continuous improvement of the implemented “Sarbanes Oxley Act (SOX) Governance” model
    Delivery Permit
    Quarantine Control

    L. 262/05

    “Provisions for the protection of savings and the regulation of the financial markets”

    The provisions introduced by Italian Law no. 262/05, also known as the “Savings Law”, affect all companies listed on the Italian market, whether Italian or foreign, and introduce a number of requirements with which these companies must comply.


    These requirements affect various company aspects, including corporate affairs, company organization, business communications and internal audits.

    In fact, the legislation requires:

    • Increased accountability at a managerial level with regard to corporate communications, with an impact on the roles and responsibilities of the senior management and internal auditors;
    • A strengthening in corporate communications to the market and investors, particularly in terms of the obligations to disclose and certify the veracity of the economic- financial documents issued;
    • The identification of the processes that lead too the aforementioned disclosures, through the mapping of the economic-financial and capital flows used to generate the data and documents issued to the market;
    • The establishment of appropriate procedures for the formalization of the activities described within these processes;
    • The assurance that these activities are implemented, via periodic checks verifying the suitability and practicality of the identified controls;
    • The identification of a responsible figure in charge of preparing the accounting records;
    • Statutory changes regarding the formalization of the nominations and the compliance of the Corporate Governance practices (secret ballots, increases in the number of independent directors, increases to the shareholdings of minority shareholders, changes to the composition of the corporate bodies, etc.).

    Our team carries out many activities:

    • pre-assessment;
    • definition of processes and procedures suitable for compliance;
    • audit, pre-audit and continuous monitoring and improvement control of the practices;
    • training activities (including e-learning);
    • information and disclosure both at managerial and operational level, in relation to the changes implemented;
    • closely follow the evolution of corporate governance by transforming a mandatory fulfillment into an opportunity for efficiency and improvement of the corporate supervision of economic / financial processes.