DATA Compliance
LEXIA supports Italian and international companies in the strategic and operational management of privacy compliance, in accordance with Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018.
Starting from the mapping of data processing activities and the analysis of information flows, our assessments always include a thorough gap analysis against the applicable legal framework. This results in the drafting and implementation of a corporate privacy management system that includes: records of processing activities (Art. 30 GDPR), privacy notices and consent forms (Arts. 12–14 GDPR), internal policies and operational procedures (data breaches, data subject rights, data retention, etc.), contractual clauses with suppliers and partners, including Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) for extra-EU data transfers.
LEXIA supports the appointment and training of key privacy figures (Data Controllers, Data Processors, System Administrators, DPOs), also assisting in the design of organizational models and processes based on privacy by design and by default. Our assistance extends to data security obligations and risk assessments, including the Data Protection Impact Assessment (DPIA – Art. 35 GDPR).
We conduct audits and provide targeted training programs for employees, managers and executives, with the aim of fostering a strong corporate culture around data protection. We respond promptly to data breaches and support companies during inspections or proceedings before the Italian Data Protection Authority.
Our practice works in synergy with the IT & Cybersecurity, 231/2001 Compliance, and Data & Technology Innovation teams, offering integrated, practical, and sustainable solutions. We support company management and technical teams in designing data governance strategies that ensure business continuity, accountability and regulatory resilience.
