May 25 approaches: where are we?

Large companies are well advanced in the regulatory process, but the same can not be said of SMEs and public administrations. The experience of these months of work teaches us that it is still possible to do something to get into compliance with the essential requirements. But it must be done soon, because a substantial adaptation to the new legislation is not possible simply by drafting some documents. We need more: legal analysis, organizational analysis, technological assessment and security verification. There is no more time to lose if you do not want to risk sanctions, even quite heavy, and it is useless to rely on the rumors relating to a hypothetical deferment of 6 months, because it was denied by the Privacy Guarantor.

But what to do today that so few days are missing at 25 May?

Things to do absolutely I'm:

• keep under control what is done with the data and in this context the Register of Treatments is fundamental;
• keep up-to-date with the new legislation on consent disclosure;
• approve a model of organization that ensures the data privacy, which identifies who does what, in practice, what is the governance of the data;
• organize (procedurally, technically) to govern at least the obligations on data breach and to respond to requests from interested parties when they want to assert their rights;
• adapt contracts with suppliers.

For this type of activity or for any other requirement related to the setting up of your company at GDPR, Sinergetica has developed a framework - Protection Implementation Model - through which in a short time and with a very low economic commitment it is possible to make acomplete analysis of adaptation needs of your company.