loading

What is GDPR

The GDPR ("General Data Protection Regulation") is the General Data Protection Regulation which officially comes into force on 25 May 2018. It assigns European companies responsibility for sensitive user data, with the obligation to make every possible effort to protect it. The new legislation provides for the notification of any possible violation of personal data to the Data Protection Authority within 72 hours.

The penalties for companies that are in default of the GDPR are very severe: they can go up to 4% of the global turnover.

GDPR means mapping sensitive processes and data, identifying their treatment and related critical issues. The heart is the application of a Security Protection model and the adoption of cyber resilience technologies.

SAW for GDRP

GDPR as a competitive advantage

Companies now have a few months available to define and direct their investments towards adequate IT and procedural tools that allow them to better govern the process leading to compliance.

This, however, is above all the right time to transform a legal obligation into a competitive advantage.

Seizing the opportunity to adopt technical and organizational measures which, in addition to guaranteeing compliance with the legislation and reducing the risk of heavy penalties, increase the level of security and operational continuity, means reaping enormous advantages in terms of credibility and image business.

In un’epoca in cui i dati personali costituiscono un asset chiave e un business driver, la giusta strategia sulla privacy può attribuire all’azienda vantaggio competitivo rispetto ad altri competitor.In an era where personal data is a key asset and a business driver, the right privacy strategy can give the company a competitive advantage over other competitors.

Personal information is one of the most precious resources of organizations: an impeccable management of this data, which guarantees customers and partners to know with certainty and transparency what is being done with their information and, where required, that their consent to use them, will lead them to have, or strengthen, trust in the company and to prefer it over others that fail to ensure the same effectiveness.

SAW can help you!

We can work alongside companies to prepare them to face the change envisaged by the GDPR, offering targeted legal and organizational consultancy and technological solutions fully in line with regulations.

Companies are not all the same, but they all need to comply with the GDPR.

We are able to provide tailor-made solutions to meet all "Personal Data Protection" needs, taking into account the specific risk appetite, the company strategy, present and future, the type of data processed and the related security measures adopted.

The path of adjustment

The adjustment process is divided into several phases:

1. Assessment
2. Regulatory and technological adaptation
3. Profiling
4. Training


1. Assestement
The assessment allows you to identify and measure regulatory and operational deviations from the GDPR and to check if the organization complies in whole, or only in part, with the new legislation; this allows to identify the priority areas on which to intervene.

2. Regulatory adjustment
The regulatory and technological adaptation consists in implementing an intervention plan aimed at remedying non-conformities: a dedicated team will implement the necessary procedures and the most suitable technological solutions, supporting the company in all the activities necessary for aligning the organization to the regulation.

3. Profiling
Role profiling, creation of records and information is a management model that allows to limit the disclosure of information to specific duly informed and trained people.

4. Training
Training of staff inside your company

SAW, through its specialized staff, can help you in one or more stages of the journey.