StAG S.r.l.

Privacy and data protection

The EU General Data Protection Regulation introduced new obligations and perspectives for every organization the processes personal data. The risk-based and result-oriented approach to compliance, together with its European-wide scope is quite innovative.

With the GDPR, Data Protection becomes an integral part of organizational compliance,  a necessary process for every kind of organization, even more so considering the new figure of the Data Protection Officer.

We offer specialized data protection consulting services designed to allow your organization – commercial or otherwise – to be compliant with national, EU and international regulations. We can cover both the organizational and the technical sides of compliance.

Our services can be articulated as follows:

  • Gap analysis and how to ‘get there’
  • Developing of mandatory documents for privacy compliance
  • Data Protection Impact Assessment
  • Audit of privacy controls in place
  • Developing of instructions for IT systems users and security policies
  • IT security controls for privacy
  • Organizational controls
  • ISO/IEC 27001 implementation and controls
  • Information and consent
  • ePrivacy Directive compliance
  • Training and seminars

Our extensive experience in information security management systems and cybersecurity allows us to tackle particular data protection issues as well:

  • Data Processing for profiling and marketing
  • Biometric and genetic data
  • Geolocalized data
  • Employees’ data processing
  • Video Surveillance
  • Judiciary data and corporate digital forensics

We can act as an external Data Protection Officer (DPO) for every kind of  European organization.

GDPR Compliance

Consulting package for GDPR compliance: gap analysis, risk management, data protection impact analysis, compliance planning, compliance implementation, training plan, information security planning.


Internal training planning. Training packets: general introductory or periodical seminar, full day seminar for data protection managers, DPO training (two days). eBook on data protection compliance.

Risk management

Data Protection Officer appointment. Information security advising and corporate forensics. Advising in case of audits and authority visits.


Information security management. Security policy, security controls design and implementation. ISO/IEC 27001 compliance. Information security of personal data is one of the pillars of GDPR compliance.