Home

Internal

Global

Contact

de|en|it

Rödl & Partner opens new office in Waterloo, Canada |

Worldwide

We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our data privacy statement.

Data Protection & Privacy

We are a team of legal and technical advisors specialized in Data Protection & Privacy, recognized both in Italy and internationally.

With over 20 years of experience, we support companies of all sizes and industries by offering practical, well-balanced solutions tailored to each client’s business needs and organizational context. Our compliance approach is pragmatic and client-focused.

We provide personalized support, guiding you through your compliance journey as true business partners, not just external consultants. We work with passion and professionalism, delivering customized, effective solutions that reflect each client’s specific requirements and capabilities.

We offer 360° support across all areas of Data Protection & Privacy, with particular expertise in the following.

Assessment

We carry out comprehensive assessments to determine the applicability of privacy regulations to your organization, including (when needed) legal and technical risk and impact analyses of processing activities, workflows, vendors, and systems. Our services include:

Light assessment: designed for small organizations, focusing on key areas and essential risks;
Medium assessment: tailored for mid-sized organizations, with a more targeted risk evaluation;
Full assessment: for large companies, offering in-depth, detailed risk analysis.

We assist with gap analyses, identifying and prioritizing actionable remediation steps;
We also conduct vertical assessments and independent audits of critical processes, such as metadata processing, call centers, cookie management, telemarketing, digital marketing, video surveillance and more.

Remediation

We support the implementation of legal remediation measures, such as:

Privacy governance models;
Policies and procedures;
Privacy notices;
Consent forms;
Appointments and authorizations;
Records of processing activities;
Data protection impact assessments (DPIAs);
Legitimate interest assessments.

We also assist in identifying and implementing technical controls to mitigate risks uncovered during the assessment phase, including:

Strong authentication and encryption;
Secure password management;
Privileged access management (PAM);
Vulnerability management;
Data loss prevention (DLP);
Incident response;
Disaster recovery & business continuity.

Monitoring & Governance

We provide Data Protection Officer (DPO) and Privacy Auditor services;
We conduct audits of data processing activities, workflows, vendors, and systems;
We design and execute inspection simulations.

Legal Advisory

Litigation support: we assist with complaints, investigations, inspections, and litigation before the Data Protection Authority or ordinary courts;
Non-contentious advice: we provide clear, concise opinions on privacy, related issues, including intersections with labor law, whistleblowing, cookies, marketing, profiling, social media, artificial intelligence, cybersecurity, and more;
Contract support: we draft, review, and negotiate contracts, clauses, and supplier agreements;
Strategic advice: we support the privacy-by-design implementation of strategic projects, processes, and tools, thanks to decades of collaboration with key business functions (HR, IT, Digital, Marketing, Procurement, etc.);
Ad hoc support: we manage specific data breaches (including risk analysis, DPA notification, data subject communication, media relations) and handle data subject requests.

Training & Awareness

Training: we deliver both online and in person training on Privacy & Data Protection, practical, hands-on, and either customized or standard for all stakeholders (employees, top management, system administrators, privacy managers, etc.);
Awareness: we offer short courses and video modules, custom or standard for data subjects and internal audiences-;
Legal updates: we provide updates on regulatory, jurisprudential, and doctrinal developments.