Management and organisational systems consultancy
Our experience in advising companies that are present in various sectors of activity allows us to “export” our knowledge acquired in the most optimal management systems, personalising them according to the particularities of each organisation.
• Digitalisation and management workflow.
• Automation of accounting processes.
• Automation of reporting processes.
• Advice on the selection of finance department staff.
· Definition of business plan.
· Design of marketing plan and commercial strategy.
· Cost reduction plan.
· Community Manager.
· Management advice.
· BSC (balanced scorecard).
The Data Protection Impact Assessment (DPA) is a legal obligation under:
The provisions of Art. 35 and 36 of the GDPR (General Data Protection Regulation).
It also constitutes the essential basis on which an adaptation project to the European Data Protection Regulation is based. A new European regulation that represents a fundamental change in the protection of personal data within the EU, increasing the rights of users and the obligations of companies.
The Data Protection Impact Assessment (DPA) has a dual function:
- Preventive: aimed at identifying risks.
It is an assessment process that must be carried out before starting personal data processing operations. Therefore, it is about detecting, managing and trying to mitigate the risks that the processing operations may pose to the fundamental rights and freedoms of data subjects.
- Evidentiary: proof of compliance
Under EU law, it is an important tool for proof of compliance, as it not only helps controllers to comply with the requirements of the GDPR but also allows them to demonstrate that they have taken appropriate measures to ensure compliance with the Regulation.
If the PIA is mandatory and is not implemented, it will not have been analysed and assessed and, consequently, the measures that should serve to mitigate the negative impacts that processing operations may have on the rights and freedoms of individuals will not have been taken.
If negative impacts occur, this may lead to several infringements by the controller or, where applicable, the processor. It is also likely to result in material or non-material damage, some of it irreparable, to the individuals concerned; in any event, the extent of the damage and the type of offence to be applied depend on each case.
- Preliminary analysis
- Systematic description of the treatment
- Risk management
- Treatment review