Organizational Compliance
EU Regulation 2016/679 (“GDPR”) introduced the principle of accountability, which requires data controllers and processors to adopt proactive behaviors and demonstrate the effective implementation of measures aimed at ensuring compliance with the regulation. Essentially, it is not enough to merely comply with the provisions of the Regulation; specific and demonstrable activities must also be carried out.
Argo supports you in drafting the documentation required by the Regulation and in performing the activities that are required by the law.
Information to Data Subjects
Every company is required to provide transparent information to data subjects whose personal data is processed. Data subjects may include, for example: clients, suppliers, employees, consultants, app and website users, and newsletter subscribers. Discover which information must be provided to data subjects.
Authorizations for Data Processors
Individuals who process data under the authority of a Data Controller or Data Processor must be formally authorized and trained. We support you in drafting organizational charts, issuing authorizations, and training your organization’s personnel.
Appointments of Data Processors
All external parties that process personal data on behalf of the organization must be appointed as data processor or must sign a specific Data Processing Agreement (DPA)
Record of Processing Activities
Records are documents that list all personal data processing activities carried out by the organization. According to the GDPR, the following records must be prepared:
- Record of processing activities by the Data Controller
- Record of processing activities by the Data Processor (if the organization acts as a Processor)
Staff training
In compliance with the obligations under Article 29 of the GDPR regarding staff training, Argo specializes in delivering courses on privacy and personal data protection.