IT and Data

Everything or almost everything is about data.

Today, data is an essential component of the strategic assets of the State and of companies.

As long as data remained locked up in the company archives, the risks were low. Everything has changed with the digital transition.

Indeed, in recent years the digital transition has given a strong boost to regulatory production, imposing significant compliance efforts on companies, and confronting them with particularly complex legal issues.

Our IT and Data team provides legal assistance and advice to companies and groups of companies, both national and multinational, in the areas of personal data protection, cybersecurity, data economy, artificial intelligence, e-commerce and digital services.

Our professionals have a solid background in national and European legislation and have academic and in-house experience as well as specialised skills in disciplines such as consumer, telecommunications, pharmaceutical, medical, etc., which are essential to provide comprehensive and integrated assistance to companies and, in particular, those operating in regulated sectors.

The services that we offer in the IT and Data area include:

assessment on compliance with applicable regulations on personal data protection, cybersecurity, data economy, artificial intelligence, e-commerce and digital services (e.g. GDPR, NIS2, DORA, Cyber Resilience Act, Data Act, AI Act, Digital Services Act, etc.)
legal advice and assistance in the design and development of connected products and related services, artificial intelligence systems and other technology-related products or services, as well as e-commerce sites and marketplaces
legal advice and assistance in the purchase and provision of online advertising
drafting or reviewing, as appropriate, of information notices on the processing of personal data and requests for consent, privacy policy, cookie policy, general conditions of use and sale of websites, etc
drafting and negotiation of data processing agreements and joint controller agreements
drafting and negotiation of cybersecurity contractual clauses
support in assessing supply chain cybersecurity and regulating contractual relations with suppliers
drafting and negotiation of contractual clauses on the sharing of data generated by connected products and related services
drafting, revision and negotiation of agreements for the development, licensing, supply and sale of artificial intelligence systems
legal advice and assistance on the transfer of (personal and non-personal) data outside the European Union
assistance in the definition and formalization of the responsibilities within the company organisation (e.g. persons authorised to the processing, system administrators, Data Protection Officer, AI Officer, DSA Officer, etc.)
assistance in identifying structures, defining processes and preparing policies and procedures to ensure compliance with applicable regulations and the management of digital risks
assistance in carrying out data protection impact assessments and fundamental rights assessments
assistance in preparing and updating the register of processing activities and in mapping artificial intelligence systems
advice in connection with highly specialised matters (e.g. clinical trials, scientific research, use of software and other technologies in the workplace, payment systems, telemarketing, artificial intelligence systems, telephone and telematic traffic, etc.)
management of data breaches and other relevant incidents (also through ADVANT Nctm's network of partners providing IT forensics, ransom negotiation and PR services)
advice and assistance in the notification of data breaches and other relevant incidents to the competent supervisory or surveillance authorities and in the communication to data subjects
Data Protection Officer services
provision of staff training courses and realization of awareness campaigns
assistance in criminal, civil and administrative proceedings before the judicial authorities or the supervisory or surveillance authorities