What does being a Privacy Consultant mean?
A Privacy Consultant is a professional who has received special certification or has completed a dedicated course of study. Such courses train Consultants and keep them constantly up to date, so that they can help and support companies and professionals in complying with the new European GDPR, thereby protecting their own and others’ data and avoiding sanctions and damage to their image.
My company processes “only” customer data and we keep all data under lock and key, we don’t need any special measures, so can we manage privacy on our own?
It is absolutely not a given that a company that only processes common data does not have to comply with any particular formalities, because it is not the nature of the data that determines the measures, but how the data are processed. You could manage your privacy on your own, but this would mean having to inform yourself in detail about each new GDPR directive, identify the potential risks and flaws in your system, understand exactly what steps to take to address those dangers, and, if necessary, be able to explain in detail to the Privacy Authority the precautions taken in case of data theft.
What are the obligations of the Privacy Consultant?
Who is involved in these formalities?
All these basic requirements concern anyone who comes into contact with data, even if the data are limited to first and last names. It goes without saying that the Privacy Consultant plays a very important and decisive role in the management of a company, and doing without one could expose the company to dangers and sanctions that are by no means negligible.
How important is a Privacy Consultant?
Having a contact person who is thoroughly familiar with the new European GDPR and keeps constantly up to date is fundamental for companies and professionals, since data processed differently from what is specified inevitably entail a potential danger to the rights and freedoms of data subjects.
Are training courses required to enable companies to manage and guarantee the data in their possession?
Article 29 of the European GDPR makes training mandatory, so that every legal subject is familiar with the Regulation and knows how to apply it continuously and correctly. Our team of consultants is at your disposal.
Is training only mandatory for the owner of the company or for the employees too?
Article 29 of the European GDPR states that “The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller…”. In short, we can already answer the question: training for employees is mandatory!
Supervisory body and sanctions
Controls by the Privacy Authority (the supervisory body) are already underway, and sanctions, sometimes of considerable size, have been applied through the Guardia di Finanza. During an inspection, the concept of accountability is fundamental: the company or professional must demonstrate, with logical reasoning and evidence, what has been done and what has not been done, laying out the reasons for any non-compliance. If the Authority deems it necessary to apply a sanction, the elements collected during the inspection are what ensure it can be applied in an effective, proportionate and dissuasive manner. Sanctions can amount to up to 4% of the company’s turnover.