Data Protection Regulation (GDPR)
We support companies in continually improving their performance through the process of compliance with the new General Data Protection Regulation, definitively approved by the European Parliament on April 14, 2016.
We have always worked in an international context, supporting companies in all the activities needed to implement the innovations and regulatory changes imposed by the General Regulation in the data protection field, such as:
- principles of “privacy by design” and “privacy by default”;
- preparation of Activity Log;
- impact analysis;
- Data Protection Officer (DPO);
- adoption of appropriate security measures;
- obligation to notify in the case of a personal data breach;
- management of the new rights of stakeholders;
- major responsibilities of Data processors;
- drafting of the new information notice for personal data processing.
Our team can provide any kind of consulting activity, both regulatory and technical, with the expertise acquired in years of national and international consulting on all the regulatory requirements laid down by the GDPR. The aim is to bring the company into compliance by implementing an effective “Data Protection” Governance system that is efficient and integrated with the other management systems and regulations already in operation in the company.
Getsolution is a part of:
GETSOLUTION in UNINFO/UNI:
- Working group UNINFO/UNI ANPR “Professional profiles related to Privacy”, in which the Italian Data Protection Authority also participates
- Working Group “Technology and techniques for Privacy protection and personal data”, in which the Italian Data Protection Authority is also involved
Data Protection Officer
The Data Protection Officer (DPO) is a new professional figure identified by the General Data Protection Regulation who provides consulting to the company on data protection and constantly verifies compliance with the legislation.
A DPO must have specific and proven expertise in the personal data protection field, must be independent and must report to the board, guaranteeing the absence of conflicts of interest.
According to the GDPR, the DPO may be an external entity that operates through a service contract.
Getsolution performs the role of “Data Protection Officer” for companies on the strength of its expertise in the Data Protection field, gained both nationally and internationally.
As Data Protection Officer we will both implement the obligations laid down by the General Data Protection Regulation and supervise personal data protection compliance within the company. We will also constantly improve the “Governance on Data Protection” system until it reaches maximum effectiveness and efficiency, integrating it with existing management systems or with other rules that the company must respect.
Acting as “Data Protection Officer”, we will be responsible for representing the customer company before the Control Authority as well as before the data subjects of the data processing activities, bringing concrete and irrefutable evidence of the correct and complete implementation of the procedures required by the GDPR.
A Data Protection Officer has great responsibilities, of which we are very proud. We provide “added value” to companies, so as to be recognized within the company as a figure who not only manages compliance with the GDPR but also brings extensive experience on related issues.
Our staff includes professional figures qualified to perform the role of Data Protection Officer certified according to the UNI 11697:2017 standard.
GDPR and Big Data
Even though Big Data is a trending topic, most people are afraid of its “distorted” potential, but this is a big challenge that everyone must take on in order to guarantee the protection of our personal data.
We rise to the challenge with enthusiasm and proficiency. Our know-how in the fields of “Data Protection”, DMP (Data Management Platform), Digital Marketing, Targeting, Marketing, Cookies, Fingerprint and Anonymization is the key to supporting our clients in creating, implementing and managing what relates to BIG DATA to develop their business, in compliance with the current Data Protection Regulation.
Our company works on the international stage and is involved in complex Data Protection and BIG DATA matters driven by the pursuit of customized marketing solutions, a goal that is technically reachable but has many implications for Data Protection and requires an expert, detailed, constant, specific and complete approach to the GDPR.
D. Lgs. 231/01
Rules of administrative liability for legal entities, companies and associations without legal status
We assist companies in complying with the provisions of Italian Legislative Decree 231/01, entitled “Rules of Administrative Liability for legal entities, companies and associations without legal status”.
Italian Legislative Decree 231/01 requires companies to show the implementation of a Corporate Organizational Model aimed at preventing the occurrence of such crimes.
The operational steps that lead to the drafting of the Organizational Model, and therefore represent the contents of the same, are the following:
- The identification of the activities in which such crimes can be committed
- Risk analysis concerning crimes
- The definition of checks to be put in place in order to prevent the occurrence of such crimes.
- The drafting of a company code of ethics
- The constitution of a supervisory body and the definition of its relative responsibilities
- The determination of obligations in terms of reporting to the supervisory body
- The establishment of a disciplinary system for sanctioning any non-compliance with the measures indicated in the organizational models
- The scheduling and implementation of training
We also deal with:
- Collaboration with the Supervisory Body, assisting the client with all matters in which the Supervisory Body is involved.
- The organization of the training courses required by law for all employees, including senior management, according to two methods.
Sarbanes Oxley Act
“Public company accounting reform and investor protection act of 2002”
The Sarbanes Oxley Act, which was introduced in the U.S. in 2002, requires companies listed on the NYSE and NASDAQ (including those of the EU), as well as their subsidiaries, to establish a structured and continuous process for the implementation and evaluation of the effectiveness of internal controls aimed at preventing the following crimes:
- Fraudulent financial reporting
- Misappropriation of assets
- Expenditures and liabilities incurred for improper or illegal purposes
- Fraudulently obtained revenue and assets and/or avoidance of costs and expenses
We assist the aforementioned companies, operating within both the Finance and IT sectors, in complying with legislative requirements imposed by Sarbanes Oxley Act (SOX) through the implementation of the C.O.S.O. model (Committee of Sponsoring Organizations of the Treadway Commission), namely:
- Risk Analysis: the identification of the areas at risk and the possible ways in which the aforementioned crimes may occur, including an assessment of the level of each risk identified.
- Risk Management: The identification of the Financial and IT controls to be carried out in the aforementioned areas in order to prevent the onset of the risks established by the Risk Analysis
- The redefinition of the processes analysed, with the introduction of the controls defined by the Risk Management activities
- The performance of periodic internal audits, the objective of which is to verify the correct implementation of the controls and their effectiveness in the prevention of crimes.
- Support with regard to the relations between the company’s headquarters and its various international sites
- Support in relation to the internal audits organized by the company’s headquarters
- Support in relation to third-party audits
- Maintenance and continuous improvement of the implemented “Sarbanes Oxley Act (SOX) Governance” model
“Provisions for the protection of savings and the regulation of the financial markets”
The provisions introduced by Italian Law no. 262/05, also known as the “Savings Law”, affect all companies listed on the Italian market, whether Italian or foreign, and introduce a number of requirements with which these companies must comply.
These requirements affect various company aspects, including corporate affairs, company organization, business communications and internal audits.
In fact, the legislation requires:
- Increased accountability at a managerial level with regard to corporate communications, with an impact on the roles and responsibilities of the senior management and internal auditors;
- A strengthening of corporate communications to the market and investors, particularly in terms of the obligations to disclose and certify the veracity of the economic-financial documents issued;
- The identification of the processes that lead to the aforementioned disclosures, through the mapping of the economic-financial and capital flows used to generate the data and documents issued to the market;
- The establishment of appropriate procedures for the formalization of the activities described within these processes;
- The assurance that these activities are implemented, via periodic checks verifying the suitability and practicality of the identified controls;
- The identification of a responsible figure in charge of preparing the accounting records;
- Statutory changes regarding the formalization of the nominations and the compliance of the Corporate Governance practices (secret ballots, increases in the number of independent directors, increases to the shareholdings of minority shareholders, changes to the composition of the corporate bodies, etc.).
Our team carries out many activities:
- definition of processes and procedures suitable for compliance;
- audit, pre-audit and continuous monitoring and improvement control of the practices;
- training activities (including e-learning);
- information and disclosure both at managerial and operational level, in relation to the changes implemented;
- close monitoring of the evolution of corporate governance, transforming a mandatory fulfillment into an opportunity for efficiency and improvement of the corporate supervision of economic / financial processes.
The Mobility Manager is a professional expert provided for by the so-called “Decreto Rilancio”, the Italian Legislative Decree issued on 19 May 2020, which endows companies with technical support regarding decisional and managerial activities in the field of sustainable mobility.
The Legislative Decree of 12 May 2021 on the “Implementing rules concerning the Mobility Manager figure” requires that any single operating headquarters of a firm counting more than 100 employees and located either in a regional capital, a Province capital or within the Metropolitan City’s administrative boundaries with more than 50,000 inhabitants should adopt a Domicile-Work Mobility Plan.
Our Mobility Manager advisor performs the following tasks:
- Collect, analyse, and process the information about the employees’ commuting activities and the mobility solutions offered within the affected area, and suggest new arrangements for a sustainable mobility program that excludes the use of private motor vehicles.
- Produce the Domicile-Work Mobility Plan in compliance with the “Domicile-Work Plan commuting guidelines”.
- Set up and manage an intervention agenda based on the employees’ mobility requirements while encouraging the use of alternative means of transport such as car pooling and sharing, shared taxi, bikes, public transport, and any other non-polluting solutions.
- Sustain the adoption and the update of the Domicile-Work Mobility Plan.
- Evaluate the employees’ degree of satisfaction, gathered through dedicated surveys.
- Keep relations with both public and private institutions involved in the employees' commuting activities.
- Launch information campaigns to raise awareness on sustainable mobility issues.
Our staff includes professionals holding the Mobility Manager position thanks to their high-profile qualification in this field.
Responsible for Digital Document Preservation
According to the brand-new AgiD standards, companies are required to appoint their own Responsible for Digital Document Preservation. This professional figure has IT, legal and archival hard skills, and is required to fulfil a variety of specific tasks defined by the regulation.
In cooperation with Menocarta, Getsolution offers a highly qualified staff with great professional experience in the position of Responsible for Digital Document Preservation. Our approach follows different planning stages, which help to identify and process every part of the digital document from its creation to its final preservation as provided by law. Technical information is contained in the Preservation Manual, which also describes the operating organizational structure as well as the different document resources, the adopted metadata system, the preservation process, and the monitoring activities. The Manual also provides insights into legal terminology.
Our advisory in Digital Document Preservation consists of:
- Guaranteeing a full legal compliance with the existing standards.
- Safeguarding the validity and the unalterability of digital documents and archives thanks to a dedicated control system.
- Protecting the probative value, the non-enforceability to third parties and the document content validity.
- Holding the position of Responsible for Digital Document Preservation