Scroll Top


Pavia e Ansaldo and Marsh on “Gdpr and compliance: conformity and security as corporate objectives”

Milan, 5 October 2017 – The regulatory developments and cyber risk management to protect corporate strategic assets have been the focus of the conference “The new privacy policy: corporate compliance and responsibility” organized by the law firm Pavia e Ansaldo and Marsh, leader in insurance mediation and risk management, held in Milan yesterday.

The Conference, with introduction by Agostino Migone De Amicis, partner with Pavia e Ansaldo, was opened by Deborah Bolco, also partner with Pavia e Ansaldo, who focused on the change in the approach to privacy made by the general data protection regulation (GDPR) and the corporate compliance and responsibility also in light of the guidelines of the data Protection Authority. GDPR is going to become fully applicable on 25 May 2018.

Privacy regulations and the bolstering of the rights of the subjects concerned were at the focus of Mariangela Papadia, senior associate with Pavia e Ansaldo.

Corrado Zana, Business Resilience Regional Leader Continental Europe, Middle East, Africa (CEMEA) at Marsh Risk Consulting, observed the GDPR as an objective but also as a means to launch a program for the adaptation of computer systems and processes aiming at the conservation of valuable corporate data.

The conference was closed by Mario Di Giulio, partner with Pavia e Ansaldo, on the general system of compliance.

“The GDPR is bound to have a massive impact on globalized enterprises and on the digital market due to the influence that new technologies have on personal data and pertaining rights, as well as in all the fields where the right to data portability has to be considered. More generally, the application of the regulation will have stronger influence on businesses that deal with very sensitive data than on those dealing only with sensitive data of employees. Moreover, the regulation will entail a true change in culture given that the old concept of mandatory provisions will be substituted by a process based approach concentrating on identification and assessment of risks to create a privacy system tailored for the enterprise”, commented Deborah Bolco, partner with Pavia e Ansaldo.

“One of the main implications of the concept of accountability, as key principle of the new Regulation for rendering management responsible, is the need for a dialogue between privacy and other corporate structures. The fact that unlawful data processing was at the last minute taken out of the list of crimes on which legislation under legislative decree 231/2001 is applicable does not mean that, today more than ever, the organizational models of corporate compliance and privacy should not be harmonized and combined to boost their effectiveness”, underlined Mario Di Giulio, partner with Pavia e Ansaldo.

“Being prepared for 25 May 2018, the day on which the GDPR will become effective, requires a combined approach that deals with the topic from an organizational, operative and technological point of view. Marsh Risk Consulting, through an internal team made up of lawyers and experts in information security, proposes the GDPR Readiness Assessment activity that is useful for the definition of the measures to adopt in order to “demonstrate” compliance with the legislation”, explained Corrado Zana, Business Resilience Regional Leader Continental Europe, Middle East, Africa (CEMEA).