#PrivacyMatters
and how privacy can turn from a problem into a competitive advantage
Giulio Coraggio
Partner - DLA Piper Studio Legale
Head of Technology Sector and Global Internet of Things Group
Giulio.Coraggio@dlapiper.com
Gianluigi Marino
Lawyer - DLA Piper Studio Legale
Gianluigi.Marino@dlapiper.com
Rosy Cinefra
Senior Counsel - CA Technologies
Rosy.Cinefra@ca.com
privacymatterstoday@gmail.com
Financial Services
Technology
the great “wave” of the privacy regulation is coming…
But when does it apply?
retention period
right to lodge a complaint
legal basis for processing
right to data portability
Record of processing activities
data mapping must be continuous
you need to check: who processes data on your behalf? agents
the entire corporate organisation must change…
and we are in the middle of the digitalisation challenge
the magic word is “profiling” (diagram labels: customers, employees, suppliers)
you need to build yourselves a defence
the data protection officer cannot be the only internal guarantor of privacy
but the regulation helps your competitors
customer profile: authorised to “steal” your customers' data?
Right to be forgotten: how to maximise its benefits?
data protection can be complex
and you are obliged to protect data with “appropriate” security measures
and in the event of a “data breach”
Privacy by design and by default
Security by design
Privacy impact assessment
Internal privacy and cyber risk policies
Data protection officer
Cyber risk insurance policy
there are tools to protect yourself
let's prepare for the European privacy regulation
1. Mapping
2. Assessment
Report section | Department / team | Issue | Inherent risk score | Action

1.04 | Entire business | Data sharing takes place around the Group but there is no evidence that this is undertaken on particular terms or that related information is logged or recorded in any way. | 20 | Ensure all data sharing is clearly tracked through a central privacy clearing team, and regulated under an intra-group data transfer agreement which sets out clear rules and restrictions for onward use and secure processing. If there are processes or agreements in place, refresh these to ensure that all entities, locations, systems and data types are covered.

1.05 | Entire business | Data sharing with third parties routinely occurs, but disclosures do not appear to be logged or recorded. | 20 | Develop a data sharing protocol to regulate transfer / receipt of data with third parties. This should be supported by guidance on the contractual safeguards that you expect to be in place to provide assurance that third parties receiving data will only use it for limited purposes prescribed, with the information returned or destroyed at the end of the engagement or when it is no longer needed (whichever is the sooner) and that they understand the

3.03 | E-commerce | Insurance information is stored on separate servers that appear to be more widely accessible by wider business teams. | 12 | Ensure means of transfer are secure when transferring data within the business or to a third party and that the data is then handled appropriately once received.
Gap Analysis report
Action plan
A. Employee data: recruitment and selection of staff

No. | Issue | What you should be doing to meet baseline GDPR position | What you are doing / recommended actions | Risk / Impact

A1 | Fair processing notice | You should limit the personal data you collect from application forms etc to the fields necessary to allow you to select staff, carry out any necessary vetting (see below), populating initial employment records, registering with relevant tax authorities and checking their immigration status where necessary (or holding this on record for checks to | [You routinely collect personal data from potential recruits to support the selection process but you do not present recruits with a standard form privacy policy in the application process] ACTION: [e.g. Prepare standard privacy policy for new recruits. Incorporate reference to the policy into | Impact - significant; Likelihood - likely
3. Deletion
Privacy by design and by default
Security by design
Privacy impact assessment
Internal privacy and cyber risk policies
Data protection officer
Cyber risk insurance policy
4. Implementation
5. Monitoring
it is a continuous “work in progress”
Giulio Coraggio
Partner - DLA Piper Studio Legale
Head of Technology Sector and Global Internet of Things Group
Giulio.Coraggio@dlapiper.com
Gianluigi Marino
Lawyer - DLA Piper Studio Legale
Gianluigi.Marino@dlapiper.com
privacymatterstoday@gmail.com
Rosy Cinefra
Senior Counsel
CA Technologies
Giovanni Cerutti
Senior VP, General Counsel, Compliance & Risk
NTT Data EMEA
Giuseppe Bellazzi
Manager Legal and Litigation Department
Intesa Sanpaolo
Fabio Fiumanò
Legal Manager and Local Compliance Officer
Intesa Sanpaolo
Giuseppe Catalano
Company Secretary, Head of Corporate Affairs
Assicurazioni Generali
Regional Head for Lombardy and Liguria, AIGI

#Privacy Matters - How the European privacy regulation can turn from a problem into a competitive advantage