- We identify and analyze the existing organizational and documentary system, the existing data processing, and the third parties involved
- We take stock of the existing technical and organizational measures for data protection
- We draw up a matrix of the existing security measures, mapped against the minimum, the necessary and the suitable requirements
Consulting, Knowledge and GDPR Implementation Related Services
- We identify and bring out the legal requirements applicable to the Controller in scope, considering both the new Regulation and the compatible applicable laws
- We identify the organizational and operational measures to guarantee the fulfillment of the applicable regulatory requirements
- We identify the checking procedures that guarantee the Data Protection Officer’s supervisory action as well as the Controller’s compliance
- We identify and record the existing facilities for all processing operations that are part of the record of processing activities, including technical and organizational measures
- We assess the suitability of the existing facilities through a walkthrough of checks
- We assess the risk of unauthorized access and of data loss or destruction for all inventoried data processing
This essential tool, laid down by the Regulation, provides evidence that the company has taken responsibility for pinpointing high-risk data processing and planning containment and mitigation measures.
- Assessment of the impacts according to Recital 75 of the Regulation, for all high-risk data processing
- Determining the measures to be implemented in order to bring the risk back to a reasonable level
- Essential tool to show an adequate level of Accountability
- Defining the adjustment settings for all the detected gaps, with regard to the organizational, operational and technical impacts
- Prioritization of interventions in accordance with the risk reduction and the technical, organizational and operational feasibility
- Defining an adjustment plan, pinpointing owners, impacted structures, necessary resources and timelines
Privacy & Risk Management Solutions
- Outsourced DPO services, in accordance with Article 37 GDPR
- Tailored to specific organizational needs, the service takes over specific tasks towards the organization and external stakeholders
- Equipped with IT systems for an effective management of every organizational Data Protection related task
- ValueDataTrust guarantees its constant update, support and continuing education
Privacy Management Tools (PMT) are software tools that support the work of staff in Privacy/Data Protection departments (for instance, the Data Privacy Officer).
PMT software makes it possible to:
- manage impact evaluations and risk-related analyses of data processing over time, issuing an easy-to-read report at every stage of the privacy program
- assign, communicate and document responsibility for all organizational activities through a report that ensures the integration of privacy in all operating and business units
- help the Privacy Office show ‘accountability’ and compliance (GDPR, Article), also using evidence-based quantitative metrics for its specific privacy program
Upon specific agreements, ValueDataTrust can propose the best solutions for the Italian market
ValueDataTrust offers access to international databases and also provides sectoral benchmark studies on privacy program progress.
According to a recent survey carried out by Lloyd’s, 92% of the interviewed companies reported a violation of their computer security in the last 5 years. Despite that, few people seem to know that there are insurance policies protecting against cyber risks (in Italy, only 23% of people).
How much does a data breach cost? It can cost a lot in damages and compensation to third parties, for the spread of personal data (especially when data breach consequences put people’s fundamental rights at stake), or because of malware. The loss of reputation may be an even bigger cost to face, as may repairing the reputational damage the company has suffered.
ValueDataTrust can support the risk assessment for a cyber crisis, which should be countered not only with suitable preventive measures but also with innovative insurance tools able to limit heavy consequences, including financial ones.
The European General Data Protection Regulation EU 679/2016 (GDPR) pursues the principle of liability for a company dealing with personal data, and also outlines the need for its employees to have a deep knowledge of its basic principles, best practices and the risks associated with the processing of personal data. Sometimes refresher training on the legislation on processing of personal data is also required.
ValueDataTrust offers training for every organizational level, providing specialized training for Compliance and Data Privacy related tasks and refresher training for all company positions that use or come into contact with systems and applications containing personal data.