Information Security & Data protection
Information security deals with ensuring the confidentiality, integrity and availability of the data a company holds. There’s a misunderstanding out there with regard to the term ‘data’ as most legal and natural persons believe it only refers to personal data. In fact ‘data’ is a much wider concept encompassing all kind of information an entity may hold, whether personal or not.
We engage in:
• examining the sort of data you hold
• defining your obligations
• evaluating your degree of compliance
• tracking your system vulnerabilities and policy gaps
• assessing your risks
• designing a fitted for purpose and customized contingency plan
A company may handle personal information concerning its customers, employees or its partners’ employees, trade secrets, IP rights, etc. It follows that the protection of its data may be of significant value to a company for commercial reasons since while the improper use or leak of data could lead to reputation loss and the shrinking of turnovers, safeguarding data provides market penetration and competitive advantage.
At the same time information security vulnerabilities may have important legal repercussions depending on the contractual or state-law obligations burdening undertakings. That is why in INTEL-LEX we strongly believe that enhancing Information Security should be of primary importance to all businesses.
However, you should know that according to very reliable studies it is impossible to completely deter any risk. This must by no means disappoint and discourage you since authorities are very well aware of this reality. So what you should do is just show reasonable care. Our task is to help you meet that requirement.
The protection of your data is deployed in 3 steps. You are not obliged to choose us for all of them but if you do so, you may be sure we will do it most efficiently.
1. Getting to know your business
During the first meeting (if needed a second one might follow) we expect from you to determine the kinds of data you hold depending on your business. We will then discuss about their nature and help you spot your data flows.
Audits and strategy
Once we have understood the sources of your data and where they are stored it is important to define the legal framework that corresponds to your business depending on your data (this time is goes the other way round). Your obligations with regard to the protection of your data are contingent upon the laws, contracts and commercial requirements that burden you.
As a consequence our team will carry out audits within your company to see whether it complies with the legal requirements concerning the data it keeps and to determine the technical, administrative, legal, and commercial vulnerabilities of your technical means and policies – you should be particularly aware of the threats that face you especially when contracting with third parties and even more when using cloud services.
Following our findings we will do a risk-assessment to determine the extent of the threats, the damages that you may incur, the people affected in case of data breach, etc., and advise you on the measures you should take and the strategy you ought to implement.
During the implementation period we will design and apply the measures best fitted for your company to show real compliance, restrict risks and contain damages. Such measures include addressing technical deficiencies of your systems, drafting contingency plans, monitoring, etc.
If there is a data breach and if claims are filed against you or fines imposed upon your company, our attorneys will safeguard your defense. If, on the other hand, it is you who have claims against third parties we can assure you attack promptly and effectively.