

Software for the management of privacy and security of information as established by GDPR.

The PrivacyManagementTools project proposes the development of innovative software aimed at companies to manage all aspects of privacy and information security in accordance with the GDPR.

In today’s scenario, access to private information of individuals or companies is constantly put at risk by threats of computer system breaches due to inadequate cyber security.

The European Union has decided to apply the General Data Protection Regulation (GDPR) – EU Regulation 2016/679 – to all member states as of May 25, 2018. The GDPR will affect more than 4 million companies in Italy alone that handle personal data in various ways. To comply with the GDPR any organization and company operating in the European territory and processing the data of individuals residing in EU countries will have to implement a wide range of measures covering: Accountability; Consent; Data security; Introduction of a data protection officer; Data leakage; Data portability.

Penalties for companies that fail to comply with these regulations can reach 20 million euros or up to 4 percent of a given company’s annual turnover. However, to date only 9 percent of companies in Italy have initiated a structured project to comply with the GDPR regulations.


Project Goal. PrivacyManagementTools aims to develop and market innovative software for companies aimed at:
  • Data Protection and digital security
  • Data Privacy management

The PrivacyManagementTools software will be structured into 5 distinct modules that will control and manage, respectively:

i) Data analysis;
ii) Accountability and data retention time;
iii) Security measures;
iv) Data breach alert;
v) Privacy impact assessment.

The proposed technology and its implementation at the Latium region level will lead the region to become an example of innovation for the whole of Europe, which will face the same type of regulation regarding privacy and data security.
Companies that adopt PrivacyManagementTools will be better protected in terms of security, safeguarded against potential losses caused by cyber-attacks, and will also avoid the risk of the huge penalties that the EU will apply to those who fail to comply with GDPR requirements.


TOP CS: Lead Enterprise – Software development, integration and technical validation

TOP Consulting Services (TOP CS) headquartered in Via Benedetto Croce, 44 00142 Rome (RM) https://topcs.it/ C.F. and P.I. 06466401004 is a System Integrator established in 2001, Microsoft Certified Partner since 2009. The vocation to innovation is a cornerstone of its mission as demonstrated by the numerous regional and national research and development calls won over the years and the very recent (18/11/2015) Seal of Excellence Certificate issued by the European Commission for the project “Digital Network Application for Mobile Transport Evolution” carried out, as lead partner, in the framework of Horizon 2020, the EU Research and Innovation Program 2014-2020. TOP CS aims at the development and use of new technologies, and in this regard believes that organization is key to working at its best in such a dynamic and competitive market, and that people must be good and motivated. That is why TOP CS does not do “body rentals”, aiming instead to train and retain its employees in a process of constant business growth.

C4B – Technical-legal consulting in data security and privacy management

C4B with registered office in Via Andrea Doria 5, 20124 Milan C.F. and P.I. 040509100261 is a company specialized in providing services related to the use of personal data in economic activities. The company offers clients lists of potential clients, conducts organizational and management analysis, and develops integrated solutions based on the use of innovative software for the management of regulatory obligations in the field of digital security. The company’s main goal is to create value through IT services, consulting and management of outsourced processes with a highly innovative character, enabling clients to develop their business with the utmost ethical and legislative compliance and ensuring maximum data security as per legal regulations. The company’s experience enables it to analyze and profile data to maximize its security, yield and efficiency.

The company supports clients in all phases of their business: from technological infrastructure and business process management, to customer relationship management, data analysis of Customer Base and DB prospects to the construction of direct marketing campaigns. In this context, controlled management of personal data and compliance with regulations protecting confidentiality acquire particular importance.

C4B provides companies with a privacy consulting service guaranteed by a team of highly skilled professionals and attorneys who can bring privacy attention to high levels.

It specifically performs projects to carry out data processing impact assessments, known as PIAs (Privacy Impact Assessments). This is a new tool that can help companies comply with data protection obligations while accommodating users’ expectations of privacy. An effective PIA allows companies to identify and resolve problems at an early stage, reducing possible costs and reputational damage.

Conducting a PIA is not a legal requirement, but it is the most effective method of demonstrating that the processing of personal data complies with the law.


The proposed project is based on the following activities and objectives (WP):

WP1 – Industrial Research Activities: preliminary analysis and know-how acquisition. Months: 1 – 4 of the project.

During this first phase of the project, a preliminary analysis will be done on user requirements, specific needs, and initial technical schematics of software design. An evaluation of legislative documentation, and an assessment and analysis of cyber threats will be carried out. During the preliminary study phase, business processes will also be analyzed, starting from the study of some business cases. In addition, through a specialized study of domestic, European and foreign data protection regulations, the regulations concerning the privacy of direct users will be analyzed, thus defining the standards and rules of service use.

The overall architecture of the PrivacyManagementTools software will be defined, and the work plan to be followed to optimize the innovative product development work will be outlined.

WP2 – Software development activities and internal testing. Months: 4 – 10 of the project

At this stage, the PrivacyManagementTools software will be developed.

The tool in question will be developed in 5 modules, plus a supplementary one, corresponding to the individual functions of PrivacyManagementTools:

Module 1 – Data Analysis: module in charge of converting personal data into metadata (attribution to each individual data item of lawfulness, correctness and transparency; minimization of data; attribution of accuracy; attribution of data retention limitation; attribution of integrity and confidentiality).

Module 2 – Accountability and Data Retention Timeframes: a module designed to generate a Data Processing Activity Register (definition of parties who may process data; definition of terms of use; definition of data processing timeframes; tracking of parties who have had access to data).

Module 3 – Security Measures: a module designed to generate periodic Reports on processing activities that give an account of compliance with the security measures adopted.

Module 4 – Data breach alert: A module designed to report through alerts anomalies, abuse or misuse based on standard parameters defined by the system operator.

Module 5 – Privacy impact assessment: Module in charge of making the Data Protection Impact Assessment Document (support in making the privacy impact assessment).

Supplementary module – Self-certification and second-level certification: Supplementary module for self-certification of treatment processes and definition of a predefined level of adequacy. A working team will be established to develop the platform, taking care of the content aspects related to privacy legislation. Following this, the Database will be developed, which will have to manage and contain the data exchanged through the service, and at the same time advanced routines will be developed to manage this data securely and in compliance with privacy protection laws. We will proceed with the development of the software user interface, the configuration of the system and consequently integrate the various tools developed in the previous activities.

WP3 – Testing and validation. Months: 8 – 12 of the project

This activity will be developed in parallel to WP2 and, through the development of various cycles, will allow a continuous update and refinement of the final product PrivacyManagementTools. The PrivacyManagementTools software will be reviewed, and audit and assessment activities in the area of Data-Protection will be carried out with the objective of assessing whether and to what extent the software operating procedures comply with regulatory requirements on Data-Protection. A dedicated activity is also planned to define the user manual for the auditor and users. Finally, an analysis and study of questionnaires will be conducted to evaluate the use of the privacy management tool software.

Starting with the first Software Release at month 8, testing will be conducted (load testing, security testing, feature testing, bug testing, etc.) in order to resolve programming errors. It is planned to carry out 6 cycles of testing leading to 6 increasingly optimized versions of PrivacyManagementTools, as is the practice in the software development industry, through a process of body rent and beta testing. The Test activities will have an increasingly shorter duration as the software is optimized, thus allowing them to be completed in the 3-month time frame. In addition, it is planned in the last 2 months of activities to have a sample target group participate to conduct the Test activities, so as to also have feedback from end users and thus make the product perfectly optimized for market needs, eliminating the last bugs present. Finally, real-world testing will be carried out with 10 end-user companies, and in addition, the results will be validated with 500 companies through questionnaires.

Financial Support Received

The project proposal PrivacyManagementTools (CUP F83G17000870007) was submitted on the public notice “Aerospace and Security” referred to in Det. N. G13676 of November 21, 2016 POR FESR LAZIO 2014-2020 – Integrated Projects and was approved by Determination no. G18719 of 12/28/2017 published in BURL no. 6 of 18/01/2018

Below are details of the total grant awarded:



