Data Protection

In the current context, where data collection and use are the order of the day, compliance with the rules applicable to personal data protection has become of paramount importance. Compliance with the provisions of the General Data Protection Regulation (GDPR) and complementary legislation is particularly relevant for players dedicated to activities that entail the processing of sensitive data or personal data processing at a large scale.

Our team advises clients on personal data protection matters, including entities operating in the healthcare, energy, software management technology services, and large retail sectors, among others. Our data protection services include:

• Ongoing advice on personal data protection matters, including the processing of health and genetic data;
• Conducting audits to verify compliance with the requirements applicable to personal data protection;
• Drafting privacy policies and cookie policies;
• Support in the design and implementation of business models in accordance with the applicable framework for personal data protection;
• Conducting Data Privacy Impact Assessments (PIA);
• Preparing and updating records of processing activities;
• Support in analysing and managing personal data breaches and preparing the respective notification to the competent authority;
• Definition of policies regarding data retention periods;
• Negotiation of subcontracting for personal data processing;
• Implementation of ethics hotlines (Whistleblowing Hotlines), BYOD policies, internal regulations on the use of communication technologies
• Loyalty programmes and marketing campaigns.