


GDPR: what added value does it bring to companies?

Operational efficiency

Information security

Customer confidence

Legal protection



Our GDPR compliance process

Road to…

  • Analysis of the scope of application and of the internal and external context of processing
  • Data mapping
  • Risk analysis and management
  • Data protection impact assessment (DPIA)
  • Preparation of the records of processing activities
  • Procedures and records for personal data breaches
  • Designation of processors and persons authorised to process personal data
  • Review of business processes and policies
  • Compliance check of website / app / social
  • Training of staff authorised to process personal data
  • Internal audit system to check the efficiency of technical and organisational measures
  • Designation of the representative of controllers or processors not established in the Union
  • Check of the obligation to designate, and designation of, the data protection officer (DPO)
  • Preparation for voluntary certification ISDP©10003

Need further information? Contact us!

Frequently Asked Questions

The media talk about GDPR as a way to safeguard citizens in terms of data protection, but those advantages are paid for by companies.

Because a lack of compliance with GDPR exposes companies to serious risks: not just sanctions but also legal cases.

It is better to adapt to GDPR in order to keep the company away from potential risks and to increase business efficiency, reliability and competitiveness towards partners and customers.

When we spend on GDPR, we receive security and efficiency in our business processes.

GDPR helps us find our way:

  • One regulation effective across the whole EU
  • Effective, proportionate and dissuasive sanctions for all of society
  • Based on controller accountability and the rights of data subjects

GDPR requires effective, proportionate and dissuasive sanctions that help you to change your mind. For this reason, the amounts established by the Authority are:

  • Up to 20M€
  • Up to 4% of the total turnover

The legal representative may be subject to criminal convictions.

Managing the risks related to data processing inside the company is essential: with a methodology, you can analyse and prevent the risks of unlawful conduct, and so the damage caused by the company.

For example, in the case of ransomware (data being locked), the company risks a very high financial outlay to restore the data, if restoration is possible at all.

The data is unusable: you can no longer use data that you have obtained by violating the law.

A simple example is the sending of promotional emails where the data subject has not given prior consent. The lack of this authorisation means sanctions and also serious damage to the corporate image.

No, it is not. ISO 27001 may require some principles of GDPR:

ISO 27001 defines a management system for the security of business information.

GDPR focuses on natural persons, and on accuracy, lawfulness and openness in the processing of personal data, in order to protect the fundamental rights of data subjects.

Some software products currently on the market, like PrivacyLab, can help you implement the processes provided for by the Regulation. However, they are by no means sufficient to guarantee compliance with the regulations.

Using software can help the company during the process, but:

  • it does not help with taking decisions and explaining them (accountability),
  • it does not guarantee compliance in the long term,
  • it is not useful for staff training.

Because a company that complies with GDPR:

  • requests personal data in a lawful way, from informed and consenting interested parties: no sanctions and more security.
  • is aware of how data is used and of its value: more efficiency and security in internal processes.
  • chooses the purposes of processing that are useful for its own business: managerial autonomy.
  • only uses the data that it needs: fewer management resources.
  • gains more prestige and confidence: more protection means more client trust.
  • wastes fewer business resources: it understands which tools it can use and how much to spend on services.
  • improves its business processes.


If the staff is not trained, technical security measures are not effective enough.

The European Regulation 2016/679 (“GDPR”) does not protect “data”; it protects the rights and fundamental freedoms of natural persons with regard to their personal data. It is a kind of “stop point” for misuse in the personal data market.

Training, which can also be provided remotely, is one of the mandatory elements that the processor and the controller will be called upon to answer for and to demonstrate.

Article 29 of Regulation 2016/679 reminds us that:

“The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller…”

Having “instructions” does not mean having a superficial idea of data protection. It means:

  • thorough knowledge of all the data operations that we perform during the day.
  • understanding the reasons for, and the importance of, the security measures given by the controller for data and civil rights protection.


Staff training is an advantage for the company because the more you know, the fewer risks you run.
Following the right procedures surely helps the company, but only staff training can lead the company to growth. Training an employee means investing in your company's future.
Distance training also reduces costs and improves productivity.

PRIVACY365 also provides live-streamed training for persons authorised to process personal data and for company privacy contacts.

For privacy experts there is specific practical training to improve their skills and techniques.

PRIVACY365 also offers training courses based on daily GDPR operations in different sectors.

PRIVACY365 training courses are held by professional experts specialized in privacy, data protection and cybersecurity.

ISDP©10003 certification

A way to guarantee to our clients full compliance with the GDPR.

Certification (Article 42 of GDPR) is voluntary and serves to verify full compliance with the European regulation in terms of the processing of personal data.

The certification is a guarantee for clients, but it is also a way to mark companies with the tag “processing of personal data is part of core business”.

The certification does not relieve the controller of its GDPR duties. It is a guarantee to the interested subject that processing is carried out properly, and it is a justification in case of penalties.

Nowadays the certification, for both public and private sector suppliers, is a way to obtain, under the same conditions, a better score in the award of a tender.

Who are we?

PRIVACY365 was founded in 2013 by professional privacy experts to provide advice, training, audit and certification on personal data protection.

We work in the following areas:

Insurance banking

Health system

Public administration

School system

Online publishing

IT web cloud

Multinational industry

Every single consulting project is organized around the function of the Project Management Office, side by side with a Project Leader who organizes a working team with all the skills required.



The strength of a multidisciplinary team

Each GDPR compliance plan requires a multidisciplinary team that combines thorough knowledge of the sector in which the company operates with specific skills in assistance, training and auditing on personal data protection.

Those skills are put together to complete the project. PRIVACY365 gives each client a different working team based on the specific skills that they need.

PRIVACY365 is a team of experts with competences in the following areas:

insurance banking

health system

public administration

school system

multinational industry

online publishing


With over 30 years of security and privacy experience, PRIVACY365 network experts hold the most prestigious certifications in the sector, issued by certified international bodies, for example:

Privacy Officer and Privacy Advisor
CDP scheme according to ISO/IEC 17024:2012

European Privacy Auditor
Certification scheme ISDP©10003 according to ISO/IEC 17065:2012

Privacy Assessor
according to standard UNI 11697:2017

Anti-Bribery Lead Auditor Expert
according to ISO/IEC 17024:2012

Data Protection Officer
according to ISO/IEC 17024:2012

ICT Security Manager
according to standard UNI 11506:2017

IT Service Management (ITSM)

We are always looking for new companies in the IT/ICT sector and experts to integrate into our network.

For further information please write at
