The synergy in managing Personal Data and Logical Security was strengthened, with a view to sharing analyses on information security and personal data protection, conducted with a unified methodological approach within the Group.
Requests for consultancy and specific legal support were managed by processing specific in-depth analyses of regulations and of the documentation required to ensure the regulatory compliance of Group processes in terms of privacy, also for service contracts.
The Group’s compliance with GDPR 679/2016 was addressed through an interdisciplinary project that involved the structure and a timely review of the Group’s entire documentation system, in order to document compliance with the requirements of the law in protecting personal data, from the conception and design phase of the processing, deciding the methods, safeguards and limits.
The standardization within the Group consisted in particular in monitoring and making known the development of data privacy regulations, designing and implementing a Common Privacy Management System for the Group, defining Group’s criteria to appoint data processors, preparing Document Templates for the Group’s main formal fulfilments.
Specific training was designed and implemented to update on the main new regulations, and to focus on the role of the Heads of the organizational units, responsible for processing, which involved the entire Group.
A single Data Protection Officer (DPO) was appointed for the Hera Group, in accordance with legal requirements.