The professionals in the Corporate Compliance Department at Bacciardi Partners provide multidisciplinary consulting and assistance to Italian and foreign companies in all stages of the implementation of the Corporate Governance Model 231/2001, health and safety measures in the workplace under Legislative Decree 81/2008, Privacy/Data Protection, Whistleblowing and Cybersecurity protocols and procedures.

Corporate Governance Model D.Lgs. 231/2001

  • Mapping of internal business processes and risks, legal assistance on the assessment and implementation of business procedures and instruments of delegation of powers;
  • Preparation, formalization, and updating of organization, management, and control models under D.Lgs. 231/2001;
  • Drafting of internal procedures, code of ethics, disciplinary system, and policies;
  • Education and/or remote training activities directed at the internal staff following the company’s needs;
  • Assistance in the establishment of the supervisory body (OdV) and related regulations, training activities for its members, and staff responsible for evaluating corporate compliance with laws 231/2001;
  • Audit activities to assess and strengthen internal control systems concerning specific risks;
  • Legal advice following reports and/or investigations promoted by the competent authorities.

Privacy/Data Protection (Regulation (EU) 2016/679 “GDPR”) and Cybersecurity

  • Gap analysis concerning applicable data protection and cybersecurity regulations;
  • Identification and analysis of personal data processing (data mapping) and related risks;
  • Definition of data protection roles and responsibilities;
  • Verification of hardware, software, and network system mapping;
  • Analysis of existing security measures and advice on implementing those suitable to ensure the security of personal data processing;
  • Preparation, formalization, and updating of the privacy and cybersecurity management system (Privacy Organizational Model);
  • Drafting internal procedures, regulations, disciplinary system, and ad-hoc policies;
  • Drafting and updating of processing registers and formal notices to employees, consultants, suppliers, and customers;
  • Assistance in managing privacy and data protection aspects related to M&A transactions;
  • Assistance in negotiating and drafting contracts for the processing, management, and transfer abroad, including outside the EU, of personal data (data protection agreement);
  • Data protection impact assessment (DPIA as per Article 35 GDPR);
  • Support in evaluating and managing legal aspects of personal data breaches;
  • Handling proceedings before privacy authorities;
  • Handling ordinary judicial disputes concerning compensation for damage resulting from privacy and data protection violations;
  • Legal advice in developing services compliant with the principles of privacy by default and privacy by design;
  • Regulation of tools suitable for employee monitoring;
  • Audits to assess compliance with regulations;
  • Legal advice and support on promotional activities through email, mobile, and social networks;
  • Legal support on creating and commercially using databases;
  • Education and/or remote training courses on personal data protection for managers and employees.

Whistleblowing (D.Lgs n. 24/2023)

  • Assessment of corporate governance, Cybersecurity, Privacy, and Corporate Governance Model 231/2001 profiles for the proper implementation of Whistleblowing regulations;
  • Assistance in implementing internal reporting channels;
  • Drafting policies, procedures, and regulations for handling reports and drafting informative communications;
  • Legal advice to ensure the application of protective measures for whistleblowers, such as confidentiality of identity and protection against retaliation;
  • Support and/or assistance in the union consultation procedure for adopting internal channels of Whistleblowing;
  • Impact assessment of Whistleblowing on personal data processing, drafting, and revising existing privacy and data protection documentation within the company;
  • Education and/or remote training courses directed at internal staff following the company’s needs;
  • Acting as an external ombudsman for receiving and managing reports;
  • Legal support and assistance in conducting internal investigations in case of reports and in disciplinary proceedings.

Tax Risk Management

  • Preliminary analysis to: (i) identify the main tax risks associated with the business operations; (ii) check and ascertain the degree of tax risk control existing in the company;
  • Identifying, formalizing and implementing the processes and procedures for detecting, monitoring and controlling the identified tax risks (so-called tax control framework);
  • Performing tests of the adequacy and effectiveness of the tax risk control framework;
  • Periodic updating of the above-mentioned system.

Corporate compliance in customs matters

  • Preliminary analysis of the import/export activities carried out by the company in order to identify the main customs risks associated with the company’s operations;
  • Analysis of the procedures and measures adopted by the company in order to verify and ascertain the degree of customs risk control existing in the company;
  • Audits and analysis regarding customs classification codes used by the company, origin of goods, Dual Use goods regulations, embargoes, sanctions and trade restrictions to specific non-EU countries;
  • Preparation of the internal compliance program (so-called PIC) based on the detection of customs risks related to the company’s operations;
  • Assistance in the implementation of the PIC within the business processes and functions involved;
  • Assistance in updating and maintaining the PIC.