Departments – Privacy

In a reality where information is the new oil, knowing how to balance the use of personal data and the protection of fundamental rights is essential for the smooth running of a business.

Since the entry into force of the General Data Protection Regulation (GDPR), the professionals at Aiternalex have always been committed to assisting their clients in the preparation of the technical and organizational measures necessary to ensure full compliance with the regulation.

The joint work of tech and legal professionals and a consistently legal-engineering-oriented approach allow the ‘Aiternalex method’ to find innovative solutions customized to each client’s needs.

In addition, Aiternalex provides judicial and extrajudicial advice in the exercise of personal data rights, including assistance in litigation before the Data Protection Authority.

GDPR Compliance

Aiternalex provides its IT and legal expertise to find innovative solutions that enable clients to be compliant with GDPR obligations at all times.

In particular, the Data Protection Department provides the following services:

  • Analysis of legal compliance with the GDPR
  • Assistance in drafting forms and contracts required by the GDPR
  • Identifying and compiling the register of processing activities
  • Assistance in carrying out the ‘Data Protection Impact Assessment’ (DPIA)
  • Definition of training plans for company employees
  • Assistance in defining corporate policies on ‘privacy by design and by default’
  • Assistance in defining effective security measures through risk analysis of personal data processing
  • Technical analysis of the business tools used by the customer

The GDPR requires those who carry out personal data processing activities to adopt a series of preventive assessment tools for these activities, aimed at protecting the data subject. This includes the figure of the Data Protection Officer (DPO); failure to designate one in cases where this is mandatory can lead to very heavy penalties.

The function of the DPO is to facilitate compliance and increase the competitive edge of companies through accountability tools. Furthermore, this figure has the task of assisting the data controller in interfacing with other stakeholders, in particular supervisory authorities and data subjects.

Aiternalex assists its clients by providing its services as an outsourced Data Protection Officer or by supporting the internal DPO office.


Data Breach Recovery

In the event of a data breach, and in order to prevent potentially damaging situations for data subjects from continuing, the GDPR lays down very stringent obligations on those who process the personal data of others.

In fact, the GDPR imposes an obligation on every data controller to notify the supervisory authority of any breach of security that has resulted or may result in the destruction, loss, alteration, unauthorised disclosure of or access to personal data, regardless of the cause.

Notification shall be made without undue delay and, where possible, within 72 hours of becoming aware of the breach. Should the notification be made after 72 hours, the data controller shall be obliged to give reasons for the delay. Given the timeliness required and the level of detail the notification must contain, the data controller must put in place, in advance, internal procedures for timely notification as well as crisis management procedures.

The law firm Aiternalex provides assistance in the preparation of technical and organisational measures to manage data breach events.