Privacy consultation and data protection
Lan & Wan Solutions provides a team of consultants with consolidated experience in applying legal data protection obligations and adopting suitable technological and organizational measures, in particular for compliance with the GDPR, also known as EU Regulation 679/2016, which became effective on 25 May 2018, with particular reference to the appropriate measures required by art. 32 of the GDPR.
Lan & Wan Solutions’ advisory can also provide assistance regarding:
Lan & Wan Solutions provides consultancy assistance on the Protection of Personal and Business Data through a series of steps that lead the company to GDPR compliance. Organizational and Technological Assessment, Record of Processing Activities, Data Protection Impact Assessment, Risk Assessment and Adoption Plans for Appropriate Technological and Organizational Measures are the main elements of a virtuous process for the company that wants to transform the legal obligations of the GDPR into a fruitful investment.
Steps of our consultancy:
- Organizational Assessment with anamnesis and completion of the matrix to check current policies, privacy organization chart and ongoing processes.
- Vulnerability Scanner with the positioning of a probe within the customer’s networks for the analysis of the vulnerability of each individual node.
- Cyber Threat Assessment with the positioning of a probe for analyzing the flow of data between internal networks and Internet access.
- Check with Auditing software to verify users, profiling and type of authentication, positioning of sensitive data and access sharing.
- Physical verification of company access, access to data center sites, data center environmental situations.
- Technological Assessment with anamnesis and matrix compilation.
- Record of Processing Activities taking into account the data collected through auditing tests and with anamnesis and matrix compilation.
- Optional, and only for some companies: the Impact Assessment of Personal Data Processing, particularly indicated (mandatory) for those who carry out processing of critical data. It is performed through the evaluation of previous tests, in particular the auditing and the Record of Processing Activities, followed by an anamnesis and matrix compilation.
- Compilation of a matrix, through anamnesis and taking into account all the data collected in the previous tests, to produce a detailed Risk Analysis based on a complete assessment of the Company Policies, the Privacy Organization Chart, the current data management processes and the technological system adopted for data protection and processing.
- Preparation of suitable GDPR documentation that includes a centralized digital collection of all the steps carried out with various reports and matrices.
- The GDPR documentation will integrate the Tables with the Risk Assessment and the points to be fulfilled at the level of: Company Policies to adopt to minimize the risks in the processing of Personal Data; the Privacy Organization Chart, with verification of all the necessary appointments; Business Processes to implement in order to improve all current management practices that do not guarantee a certain and virtuous process in the processing of personal data; and finally, but no less important, changes to implement on the Technological System in order to eliminate or minimize all the anomalies found in the first step during the various assessment phases.
- The implementation of the Adequate Measures, better defined in the GDPR as the Implementation of the Appropriate Technological and Organizational Measures for the protection of data, is the process that engages the customer (the Data Controller) the most, in both economic and human resources. In this process, the Data Controller must first of all make adequate choices (Policies): deciding, on the basis of the risk analysis result, how to fulfill them, what priority to give to the Organization and Processes, and what changes to make to the Technological System in order to reduce any risks to the data processing to a minimum and in the shortest possible time.
- Our suggestion is to tackle this step from an investment and not a cost perspective.
- Optionally, additional services to support the customer company can be integrated into the consultancy, such as:
  - Drafting and Supervision for the implementation of an appropriate Business Process plan.
  - Design and Implementation / Integration of a technological system sufficient to meet the challenges of Cyber Security and defend your digital network in a balanced way.
  - Training to raise awareness and give a basic grounding in the main concepts of Data Protection according to EU Regulation 679/2016.
  - Optional: Specific Training for particular figures in the privacy organization chart such as:
    - Data Processor
    - Data Protection Officer (DPO)
    - IT System Administrator
- The correct management of the GDPR can be subjected to a quality process, which, like all quality practices, requires the identification of precise steps to be repeated with a certain cadence over time in order to determine a virtuous procedure that improves the result obtained.
- Optional: Lan & Wan Solutions offers GDPR consultancy services with an annual fee for:
  - Spot consultancy support based on specific needs at the customer’s site
  - Quarterly or Monthly Meetings to Supervise Adaptation Plans to Appropriate Measures
  - Newsletter with information on new legislative changes and regulatory compliance with legal obligations
  - Remote consultancy support (telephone or email)
  - GDPR documentation update