Privacy & Security
MAN Evotech has added people trained in data security to its staff.
A multidisciplinary team, composed of computer scientists, lawyers and privacy experts, is available to customers to provide business consultancy on compliance with the European Data Protection Regulation (n. 679/2016), customized according to each customer's needs and specific business sector.
MAN Evotech is able to support other companies by providing operational procedures, assignments and instructions to manage data and keep it safe. Our consultants provide customized and continuous consultancy to keep the privacy system updated and operative over time.
What is the GDPR?
The General Data Protection Regulation became enforceable on the 25th of May 2018 in all the EU countries. The Regulation imposes strict obligations on the processing and management of European citizens' data.
- Companies must protect customer data from unauthorised access;
- Educate the staff and the people in charge about personal data processing according to the new policy;
- Have an internal or external DPO (Data Protection Officer) if necessary;
- Have the IT tools needed to prevent and monitor any cyberattack.
It is the most important general principle of the GDPR, and it means responsibility and reporting.
The Process collector must take the proper measures to protect personal data and must report on them through documents that demonstrate compliance with the General Data Protection Regulation.
The Privacy Team's intervention consists of a preliminary analysis of the organisational strategies to bring out problems and vulnerabilities in data management and to evaluate corrective interventions and mitigation measures. Once the context has been examined, a compliance program is arranged, consisting of a series of activities designed to align and adapt the company to privacy legislation:
- Implement organisational and procedural measures to protect customer data from unauthorised access.
- Formalize assignments and agreements for internal and external entities.
- Develop specific information for interested entities (customers, suppliers, employees).
- Provide operational instructions to employees and people authorised to process the data.
- Provide training activities aimed at the Data Controller and the employees involved in the processing, in order to guide them to the right privacy approach.
- Prevent and repel cyber-attacks with vulnerability tests that verify whether a system is exposed to potential theft of information, and provide a report on the measures taken and those that must be implemented for correct data protection.
- Support the drafting of policies, manuals, and procedures to regulate the use of business systems.
Which documents are important for compliance?
Preparation of the documentation required to operate in accordance with current legislation:
- Accountability document
- Nomination of those authorized to process data
- Delivery of policies to those concerned
- Register of processing operations
- Risk analysis and security measures
- Rights management service for those concerned
- Data protection impact assessment
- Breach Management
Data Protection Officer
The Data Protection Officer is chosen according to professional qualities and specialist knowledge of the regulations and procedures of data protection.
WHEN DO YOU NEED A DPO?
- Processing by a public entity;
- The main activities consist of processing that requires large-scale regular and systematic monitoring;
- The main activities consist of large-scale processing of specific data categories.
WHAT ARE THE DPO’S TASKS?
- Supervising compliance with the provisions within the organisation;
- Informing the organisation and providing it with support and consultancy on its obligations related to data protection;
- Cooperating with the inspection authorities and acting as a bridge for issues related to data processing.