Advice and assistance on the adoption of an effective organization and management model, as well as the appointment of a third-party and independent supervisory body to oversee the implementation of the Model.
Evaluating whether to adopt the Organization and Management Model allows a careful analysis of the company’s reality and sensitive risk areas. It then becomes possible to identify a specific person, other than the employer and the other figures obligated by law, to whom the specific matter is delegated. In doing so, the employer fulfills the obligation of supervision, which is considered fulfilled precisely with the adoption of the effective model (combined provisions of Articles 17 and 30 T.U. 81/2008 on the subject of safety at work).
The strength of an efficient and functional Model, with an adequate system of delegation, lies in its suitability to optimize and rationalize the entire business activity and organization. The result is an effective model for preventing the crimes presupposed by the liability of the Entity: it acts as an exemption in the event of legal proceedings, but before that it is an instrument of good management.
We accompany entities in adopting an efficient and functional model to meet the requirements of current regulations.
According to Article 83 of Legislative Decree 231/01, the national supervisory authorities (Guarantor) are responsible for ensuring that administrative sanctions are effective, proportionate and dissuasive.
When imposing a financial penalty, the supervisory authority will need to consider various criteria for determining the type of penalty to be imposed and the amount, if any, such as:
– the nature, severity and duration of the violation
– the intentional or negligent character of the violation
– whether the violation brought a profit to the holder
– the measures taken by the data controller or processor to mitigate the harm suffered by data subjects
– the degree of responsibility of the data controller or processor, taking into account the technical and organizational measures implemented by them
– any previous violations
– the degree of cooperation with the supervisory authority in order to remedy the breach and mitigate its possible negative effects
– the categories of personal data affected by the breach
– the manner in which the supervisory authority became aware of the breach, in particular whether and to what extent the data controller or processor notified the breach
– compliance with any previous measures
– adherence to codes of conduct or certification mechanisms.