The risk assessment of the privacy management system aims to identify the status of the company’s compliance with the current legislation on personal data protection. Through interviews with the managers of the company’s different departments, the documentation related to the following will be collected and analysed:
– Policy and procedures
– Organizational structure of privacy (Data processor and persons in charge) with appointment and designation documents
– Data subjects’ information notes
– Contractual clauses for data transfer to third parties
– Performed data processing and the type of processed data
– Minimum and suitable physical and logical security measures
– Data processing that requires a notification to the Data Protection Authority
– Specific issues related to your business target and objectives.
Possible areas for improvement and deficiencies in your management system will be identified, and an adjustment plan in compliance with the current legislation will be provided. Moreover, guidance will be provided on the European Regulation 2016/679, on the protection of natural persons with regard to the processing of personal data and its free circulation, in order to avoid being unprepared on May 25th 2018, when that regulation will be applicable.
AGM Solutions offers consulting services to carry out the risk assessment of the company’s privacy management system.
Monitoring a management system is an activity of particular importance for companies: it compares the activities carried out by the system under test against the current legislation on personal data protection and the company’s policies and procedures, with the objective of determining their conformity. After having identified the processes/products/programs/systems to be audited, our consultants carry out different monitoring activities:
– Defining the audit plan
– Conducting interviews with the identified contact persons
– Collecting supporting documentation
– Analysing the collected information and documentation
– Identifying the non-compliances (legislative and/or internal policies and procedures)
– Drafting and finalizing the audit reports
– Defining the recovery plan for any non-compliances
AGM Solutions offers consulting services to carry out auditing activities related to privacy and personal data protection.
DATA PROTECTION OFFICER
DPO: Data Protection Officer
The European Regulation 2016/679, on the protection of natural persons with regard to the processing of personal data and its free circulation, which will enter into force on May 25th 2018, introduces the Data Protection Officer (“DPO”) among its key figures. A DPO must be designated in the following cases:
– When the data processing activities are carried out by a public authority or by a public body (except for judicial authorities on duty);
– When the data processing consists of and requires regular and systematic monitoring of the concerned individuals on a large scale;
– When the data processing concerns, on a large scale, sensitive data relating to criminal convictions and offenses.
The DPO, who is appointed by the Data Controller or by the Data Processor, must perform their tasks independently and report their activities directly to the company’s top managers. Their appointment must not give rise to conflicts of interest. The main responsibilities assigned to the DPO are:
– Providing advice to the Data Processor or to the Data Controller on the obligations referred to in the 2016/679 Regulation
– Monitoring compliance with the Regulation
– Acting as a contact point for the concerned parties in exercising their rights
– Cooperating with the Personal Data Protection Authority.
The DPO can be an employee of the Data Controller or Data Processor, or can even be an external contractor carrying out their tasks on a service contract basis. AGM Solutions offers consulting services to assist companies in adapting to the 2016/679 European Regulation and has professionals specialized in law available who can cover the role of the Data Protection Officer.
DATA PROTECTION IMPACT ASSESSMENT
Data Protection Impact Assessment (DPIA)
The risk analysis process is designed to assess the threats and vulnerabilities related to a company’s assets which are linked to personal data. The final result of the process is the evaluation of the effective overall risk, or of the risk split into its security dimensions (data availability, confidentiality and integrity). Based on the identified risks, the risk management process is subsequently defined; it consists of a set of guidelines aimed at identifying the security countermeasures needed to mitigate the previously identified risks. AGM Solutions offers consulting services to assist companies