Regulatory Compliance with an integrated approach

Privacy GDPR and other compliance

 


 

Companies and Public Institutions are increasingly forced to organise themselves, to acquire skills and to initiate specific internal processes in order to implement obligations under an increasing number of laws, and to be able to prove that they fulfil them fully and correctly.

Such laws develop over time and variously involve a plurality of areas and functions, from Business Administration and Finance to Audit, and from Risk Management to Information Systems.

The most relevant laws that require compliance and impact (or should impact) Computer Systems include:

- EU Regulation 2016/679 (GDPR) on privacy, implemented in Italy (former D.Lgs 196/2003 and former Law 675/1996);
- D.Lgs. 81/2008 and former D.Lgs. 106/2009 on safety at work;
- L. 231 on Corporate Responsibility (former D.Lgs. 231/2001) and subsequent amendments, specifically the latest D.Lgs. 121/2011;
- L. 48/2008 on computer crime;
- HACCP (Reg. CE 852/04 and D.Lgs 193/07) on healthfulness of foods;
- Law 626 on bank transparency.

Other national and international regulations for specific sectors include:
- the American Sarbanes-Oxley for companies listed on Wall Street;
- Solvency for the insurance sector (analogous to Basel II for the banking industry);
- Directives MIFID, Banca Italia, Basel II for the banking sector;
- CONSOB Directives for companies listed on the Milan Stock Exchange;
- ISVAP Regulations.

In addition to the above provisions, Companies and Institutions must also comply with, and be certified against, best practices and standards, such as ISO 9000 on quality, the ISO 27000 family of standards on digital security, etc.

Overall, many of these regulations have common elements, such as a process approach and risk analysis.

For this reason Malabo has identified a path and an integrated approach to implementing correct "compliance" with the set of rules that any Company/Institution must follow, thus reducing the overall cost of analysis (for example, many parts of risk analysis are shared by several regulations), and/or reusing analyses already carried out.

Malabo's compliance activities are consulting in nature; as far as GDPR is concerned, starting with the first Italian law on privacy approved in 1996, Malabo developed a set of modules and computer tools (Kit Privacy) to support the Client and to customize and fit them to the Client's specific reality.

 



 

Objectives

 

Who we work with

 

Customer Benefit