Privacy & IT Compliance
The correct circulation of data, the related protection through appropriate IT security measures and compliance with national and European regulations have now become top priorities for any economic operator, particularly as a result of the widespread distribution of hi-tech digital tools which allow the use, availability and sharing of data beyond the physical (dematerialisation), time-based (real-time) and jurisdictional (cloud) confines traditionally focused on and regulated by law.
Privacy, understood not only as the right to confidentiality, but rather as the right to data use and protection, a genuinely valuable resource for any company wishing to compete and stand out, also thanks to sophisticated customer data profiling and marketing techniques, has become a crucial element of any policy of company compliance and strategic growth on the reference markets, and a real litmus test of the asset corporate governance of any successful company.
The spread and rapid success of the Internet and e-commerce have transformed simple personal data into information that can generate profit.
The legal services associated with the issue of Privacy and Information Technology include any possible aspect relating to personal data protection, from the preparation of data security contracts, to the drafting of due diligence reports, the drafting of T&C’s for the use of various services provided via the Internet, to assistance in the event of the violation of regulations governing IT security, up to the management of disputes before the competent national and European courts and the Italian Data Protection Authority.
Privacy compliance concerns both the internal dynamics of companies, from the correct compliance in respect of employees also in close relation with the applicable employment regulations (video-surveillance, BYOD, DLP, biometrics, forensic tools, use of sensitive data), and business dynamics, in particular in the marketing sector, profiling, assignment and communication of data, to operations involving the transfer of data abroad, including but not limited to M&A transactions, restructurings and securitisations.
Privacy therefore fully encompasses private law and contracts, administrative law, corporate law, labour law and, increasingly, criminal law (especially white collar crimes and forensic investigations).
In this respect, the most exposed industrial/goods sectors, in which the Office has monitored complex and fundamental transactions regarding the processing of personal data in both the public and private sectors are the following: electronic communications, pharmaceutical, consumer credit and insurance, commercial information brokerage, luxury goods industry, digital value-added, retail, but also traditional heavy industry, handling a number of activities in the areas of direct marketing, biometrics, life sciences, transfer of data abroad using instruments constituting an alternative to consent such as SCC, BCR and SH.
The activity may be of interest to those who, in various capacities and for different purposes, also incidentally, require ad-hoc assistance (e.g. privacy assessment, internal audit activities, assistance during Italian Data Protection Authority investigations) and continuous support (review of internal documents and company processes) such as, for example, the drafting of legal notes for websites and of strategic marketing policies.
Privacy and Personal data protection
In the Privacy and Personal data protection sector, we offer the highest possible level of expertise in the performance of ordinary and extraordinary advisory activities, both in court and out-of-court, providing a genuine, highly specialised and all-round “privacy impact assessment”.
Nctm has dealt with complex and essential transactions regarding the processing of personal data in both the public and private sectors, with particular reference to the following markets; electronic communications, luxury goods industry, digital, retail, consumer credit and insurance, handling a number of activities in the areas of direct marketing, biometrics, life sciences and the transfer of data abroad using instruments constituting an alternative to consent such as SCC, BCR and SH.
Our specially dedicated team, the only one among the international sector leaders to be cited by the most important legal directories, is able to offer the most comprehensive assistance to the major commercial and industrial groups and companies, both Italian and foreign, in relation to numerous activities:
- General compliance;
- Audits of legal compliance, advising, preparation of documents and legal assistance regarding personal data processing;
- Assistance and advisory service regarding complaint/appeal/reporting and inspection and assessment proceedings brought by the Italian Data Protection Authority;
- Assistance and advisory service for the drafting and revision of contracts relating to or entailing the processing of personal data (contracts for the transfer of databases, commercial information, statistical surveys, marketing);
- Assistance and advisory service for the correct fulfilment of legal obligations, with specific reference to the processing of personal data for marketing and commercial communication (marketing using automated systems, telemarketing, spam and soft-spam, e-commerce) purposes, and for profiling objectives; correct identification of roles and responsibilities, arrangement of promotional campaigns, stipulation of contracts for the purchase/sale of databases and information-sharing agreements;
- Assistance and advisory service in the case of a data breach in the relevant sectors (electronic communications and credit sector);
- Assistance and advisory service with particular regard to prize-giving events and the proper configuration of the personal data processing methods;
- Simulation of audits and investigations by the Authorities and on-site assistance in the event of investigations by the Italian Data Protection Authority and/or the Guardia di Finanza (Italian Tax Police);
- Personnel training and refresher courses with specific reference to the relevant legislation in force governing personal data protection.
Information Technology & Cyber Security
Nctm’s expertise in the Information Technology field is characterised by in-depth knowledge of innovation and strategic processes.
Our extensive knowledge of the market in this sector, acquired thanks to a high level of specialisation over the years, enables us to work towards improving the specific business goals of our customers.
With specific reference to the security of IT systems and Cyber Security, we help our customers with matters regarding the protection and secure transmission of data, digital authentication, analysis of IT risks, breach methods and countermeasures, security techniques in web and mobile applications, websites and social networks as well as cloud systems.
Therefore, in the IT field, we offer a complete range of legal services to domestic and international companies, with particular regard to:
- Data protection and Data security;
- Big Data and Open data;
- IT security and Cyber-Security,
- Cloud services;
- Repression of unlawful acts carried out over the internet (phishing, data breach, data theft).
The Internet today represents the largest known public space, a genuine network which envelops and connects the entire planet, where millions of pieces of information are exchanged and circulated faster than you can imagine.
In this regard, our team of specialists can offer all-round support with particular reference to:
- Assistance and advisory service for the correct fulfilment of legal obligations, with specific reference to the processing of personal data within the context of websites and social networks;
- Preparation and updating of the T&C’s and privacy policies of websites, social networks, on-line games and prize competitions, mobile applications;
- Assistance and advisory service for the purposes of compliance of websites with “cookie” legislation;
- Training and refresher courses.
Our team of experts can offer a highly-skilled assistance and advisory service regarding web reputation and on-line identity, with specific reference to both natural persons and legal entities (analysis and monitoring of the on-line reputation of brands, trademarks, products and services), as well as regarding the right to be forgotten and retention on the internet of information already collected.
The new economy and the use of electronic and digital tools like platforms for expansion in global markets and, therefore, the progressive evolution of technology and the web have radically altered the traditional commerce sector in recent years, introducing the new frontier of e-commerce, which today has become a reality.
This has inevitably resulted not only in an accelerated conclusion of commercial transactions at global level, but also in an accentuation of the processes of ‘dematerialisation’ of money transfers (E-payments). In such a context, for some time we have also been witnessing exponential growth in the spread of mobile payment services – i.e. services that allow users to manage goods purchases and payments, whether electronic or physical, via a mobile device – whose use has also helped to broaden the types of products and services that can be used, the target audience that operates in this domain and, not least, the quantity of personal data processed.
So, in this regard, we assist our customers by offering a highly specialised advisory service on a range of aspects relating to electronic trading, E-payments as well as the protection of information and consumers;
- Preparation and revision of contractual forms;
- Assistance, advisory and assessment regarding compliance and legal sustainability of the commercial structure, also through the drafting of independent opinions;
- Verification of the compliance of commercial sites with the applicable legislation, particularly from a consumer protection point of view;
- Management of electronic payment profiles;
- Legal assistance and dispute management;
- Training and refresher courses.
E-Discovery and Forensic Investigation
Thanks to the experience acquired over the years, we offer our customers a highly specialised Forensic Investigation advisory service.
More specifically, we assist our customers with particular regard to the correct personal data processing methods for carrying out defensive investigations or enforcing or defending their rights in court, both during arbitration or conciliation proceedings, including at the administrative phase, and at the preliminary phase before the commencement of any legal proceedings, and in the phase following their settlement.