Privacy Law

Under the guidance of the owner Prof. Atty. Giuliano Palma, the firm provides personalised legal advice and assistance for companies on the subject of personal data protection, both in the training of personnel and for compliance with the documentation required by law and the new European legislation.


A detailed analysis is performed, identifying the procedures to be in line with the new Regulation, together with the preparation of the specific documentation for each individual entity in view of the full application of the GDPR 679/2016, as well as of the Privacy Code as amended by Legislative Decree 101/2018.


Specialised services include:

  • Revision of Company Policies to conform personal data processing to the provisions set out in the Code as well as those adopted by the Italian Data Protection Authority.

  • Gap analysis with respect to the requirements and advice for adaptation to ensure that Clients’ data processing methods are really compliant.

  • Assistance in preparing the required forms and models (e.g., privacy statements, agreements / contracts, appointment of Data Processor, “privacy policy” and/or “cookie policy” formulas, etc.).

  • Assistance in drafting the records of processing activities.

  • Assistance in performing the DPIA (Data Protection Impact Assessment), a process aimed at describing the processing of personal data, assessing the necessity and proportionality, as well as managing any risks for the rights and freedoms of individuals, making an assessment of the level of impact and determining the appropriate measures to mitigate it.

  • Definition of training plan for employees and implementation of interventions.

  • Assistance in defining company policies on privacy by design and by default.

  • Assistance in defining adequate safety measures, through risk analysis and assessment of the specific risks inherent in the treatments carried out.

  • Assistance in cross-border data transfers between EU and non-EU countries. Contracts for

    • data transfer to non-EU Countries in compliance with the standard contractual clauses issued by the European Union following the Decision of the European Commission;

    • data transfer to non-EU Member States in compliance

    • with direct agreements, e.g. “EU-U.S. Privacy Shield” to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

    • or with the General Authorisations issued by the Data Protection Authority and the EU Commission for data transfer toward third countries, including Binding Corporate Rules.

High specific skills and competencies allow our Team to support the process of adaptation to the GDPR undertaken by already operating companies, but also to accompany the birth and development of start-ups and innovative companies.


Just in order to promote the advancement and dissemination of scientific education in the field of Privacy Law, the Firm is also the site of internships for post-graduate students of the II level Master in “Data Protection and Privacy Law Manager”, sponsored by the Italian authority for the protection of personal data, promoted by the European Commission and held by the University of Suor Orsola Benincasa, Naples, in consortium with three foreign universities: Seville (Spain), Loughborough and Derby (United Kingdom).