Logo Inveo Academy
Accedi

PRIVACY
AND
CYBERSECURITY
ADVISORY

Who we are

Inveo Advisory is the legal boutique created by Inveo Group with the aim of offering "tailor-made" services to all those companies that need support with respect to the problems and pitfalls that the GDPR and it compliance generate, managing specific and contextual needs, in order to "put out" any fires that may arise within organisation.
A vertical team of profesisonals capable of providing answers and support to all consultants, DPOs and companies that present critical issues in the areas of privacy, cybersecurity, due diligence, ESG.

Ready to face the privacy challenges of the next decade and to become the leader of the privacy market in GDPR risk monitoring and control, M&A privacy due diligence, and shining the spotlight on the impact of privacy within ESG criteria.

INVEO ADVISORY SERVICES

Assessment GDPR

GDPR Assessment

The GDPR applies to all businesses, organizations, professionals, and, more specifically, data controllers or managers that process personal data of European citizens, regardless of whether they are operating in the EU.
SEE DETAILS
M&A Advisory

Privacy Due Diligence

In an environment of constant technological development and massive use of personal data, privacy and information security within business and M&A transactions are an element that organizations can no longer ignore and therefore must be carefully evaluated in advance.
SEE DETAILS
Audit di 1° e 2° parte GDPR

1st and 2nd parts Audits

The First-Party Audit or Internal Audit is a tool by which the Organization verifies its position regarding its processes and performance.
SEE DETAILS
DPIA

DPIA

The GDPR requires the Data Controller to implement "appropriate measures" to GUARANTEE and be able to DEMONSTRATE compliance with the regulation.

DPIA is a process intended to:

  1. Describe the treatment
  2. Assess its necessity and proportionality
  3. Helping to manage risks to the rights and freedoms of individuals

In line with the risk-based approach, it is not mandatory to conduct a DPIA for every processing, but it is necessary to conduct it when a processing: "may present a high risk to the rights and freedoms of natural persons.".

The obligation for data controllers to carry out a DPIA should be read in the context of their general obligations to adequately manage the risks presented by the processing of personal data.

SEE DETAILS
GAP Analysis

GAP Analysis

In operational practice, the purpose of the preliminary audit/gap analysis is to assess compliance with the requirements of the relevant data protection regulations for the following purposes:

  • Evaluation and verification of the Corporate Privacy System
  • Product evaluation and verification (software, devices)


Definition of the current situation
Analysis of the current state of implementation of the Data Protection system, through objective evidence, procedures and operational processes fielded by the organization as part of its activities with regard to the personal data being processed.
SEE DETAILS

Support is protection

oblio oncologico
Magazine Advisory
Oblio oncologico: effetti pratici sui contratti e obblighi per le aziende

La Legge 193/2023 introduce il “diritto all’oblio oncologico”, vietando l’uso di informazioni su patologie oncologiche guarite per influenzare termini contrattuali dopo periodi stabiliti. In vigore dal 2 gennaio 2024, impone adeguamenti GDPR significativi per banche, assicurazioni e altri, prevenendo discriminazioni e garantendo l’uguaglianza di trattamento per gli ex pazienti oncologici.

Privacy e sicurezza dei dati negli score Esg
Magazine Advisory
Privacy e sicurezza dei dati negli score Esg: i vantaggi competitivi per le aziende

Nel contesto degli score ESG, la privacy e la sicurezza dei dati diventano elementi fondamentali per garantire la fiducia nell’affidabilità dei processi aziendali. I vantaggi competitivi per le imprese allineate al GDPR.

L’anonimizzazione dei dati nella ricerca medica
Magazine Advisory
L’anonimizzazione dei dati nella ricerca medica: problemi e opportunità

L’art. 110 del Codice della Privacy pone il Titolare, l’Autorità Garante e gli operatori di fronte a problematiche complesse e talvolta insormontabili, tali da frenare lo sviluppo stesso della ricerca, in particolare nel settore medico, biomedico ed epidemiologico

cinque punti per una compliance perfetta
Magazine Advisory
Trattamento dati personali in azienda: cinque punti per una compliance perfetta

Ogni trattamento del dato personale deve presupporre un quesito, ancor prima che il trattamento sia stato messo in atto. Pensare alle modalità di trattamento ancor prima di iniziarlo. Analizziamo i 5 punti da cui partire.