Data Protection and Valorisation

Prof. Avv. Oreste Pollicino, drawing on his extensive academic, professional, and policy-making experience—including his role as a member of the expert commission responsible for aligning Italian legislation with the GDPR in 2018—offers an integrated legal advisory framework on data protection and strategic data valorisation.
This proposal is distinguished by an approach that combines regulatory rigor, technological innovation, and the creation of competitive business value.

Strategic Vision

Data governance is conceived as a balance between regulatory compliance and innovation potential.
The goal is to transform data from a passive, regulated object into an active, strategic asset, while upholding the highest standards of fundamental rights protection.

Advisory Areas

1. Data Protection

Ensuring regulatory compliance and mitigating risks related to the use of personal and corporate data.

GDPR and international regulatory compliance

  • Legal and technical audits to assess data processing compliance

  • Design of privacy-by-design and privacy-by-default policies

  • Support in managing data subject rights (access, rectification, erasure, portability)

Data Protection Impact Assessment (DPIA)

  • Risk analysis with a focus on automated data processing

  • Development of integrated DPIA/FRIA models

Cybersecurity and data breaches

  • Incident response protocols and notification procedures

  • Technical support for data protection tools (encryption, pseudonymization, anonymization)

Engagement with Data Protection Authorities

  • Assistance in managing communications and regulatory proceedings before national DPAs

2. Data Valorisation

Optimizing data usage to generate economic and strategic value in light of new EU regulations (Data Act, Data Governance Act)

Data governance and strategy

  • Development of corporate data governance frameworks (personal, non-personal, and industrial data)

  • Support for the adoption of EU-compliant data sharing models

Data trusts and collaborative models

  • Design of data trusts or secure data-sharing spaces

  • Legal support for sector-specific data ecosystems aligned with EU initiatives (e.g., Gaia-X)

3. Artificial Intelligence and Data

Integrating data use into AI systems in an ethical, transparent, and legally compliant manner

Bias and algorithmic transparency

  • Audits to identify and mitigate bias in AI models, ensuring the protection of fundamental rights

  • Legal guidance on algorithmic decision-making transparency, in line with the AI Act

Ethical and responsible data use

  • Development of internal policies to prevent misuse or discriminatory use of data

  • Support in designing explainable AI systems that respect automated decision-making rights

Privacy–Innovation Interface

  • Identification of opportunities to leverage data in AI projects without compromising privacy protections

Operational Approach

Initial Assessment

  • Evaluation of client-specific needs and mapping of data processing activities

  • Risk–opportunity analysis for both personal and non-personal data

Solution Design

  • Tailored strategies to ensure both data protection and value generation

  • Drafting of legal and operational tools (policies, contracts, protocols)

Implementation and Training

  • Support throughout the implementation phase

  • Corporate training on legal frameworks, technology, and best practices

Ongoing Monitoring

  • Periodic compliance checks and impact reviews

  • Updates to policies in response to regulatory or technological developments

ALL ACTIVITY AREAS

Prof. Avv. Oreste Pollicino, drawing on his extensive academic, professional, and policy-making experience—including his role as a member of the expert commission responsible for aligning Italian legislation with the GDPR in 2018—offers an integrated legal advisory framework on data protection and strategic data valorisation.
This proposal is distinguished by an approach that combines regulatory rigor, technological innovation, and the creation of competitive business value.

leggi di più...

Strategic Vision

Data governance is conceived as a balance between regulatory compliance and innovation potential.
The goal is to transform data from a passive, regulated object into an active, strategic asset, while upholding the highest standards of fundamental rights protection.

Advisory Areas

1. Data Protection

Ensuring regulatory compliance and mitigating risks related to the use of personal and corporate data.

GDPR and international regulatory compliance

  • Legal and technical audits to assess data processing compliance

  • Design of privacy-by-design and privacy-by-default policies

  • Support in managing data subject rights (access, rectification, erasure, portability)

Data Protection Impact Assessment (DPIA)

  • Risk analysis with a focus on automated data processing

  • Development of integrated DPIA/FRIA models

Cybersecurity and data breaches

  • Incident response protocols and notification procedures

  • Technical support for data protection tools (encryption, pseudonymization, anonymization)

Engagement with Data Protection Authorities

  • Assistance in managing communications and regulatory proceedings before national DPAs

2. Data Valorisation

Optimizing data usage to generate economic and strategic value in light of new EU regulations (Data Act, Data Governance Act)

Data governance and strategy

  • Development of corporate data governance frameworks (personal, non-personal, and industrial data)

  • Support for the adoption of EU-compliant data sharing models

Data trusts and collaborative models

  • Design of data trusts or secure data-sharing spaces

  • Legal support for sector-specific data ecosystems aligned with EU initiatives (e.g., Gaia-X)

3. Artificial Intelligence and Data

Integrating data use into AI systems in an ethical, transparent, and legally compliant manner

Bias and algorithmic transparency

  • Audits to identify and mitigate bias in AI models, ensuring the protection of fundamental rights

  • Legal guidance on algorithmic decision-making transparency, in line with the AI Act

Ethical and responsible data use

  • Development of internal policies to prevent misuse or discriminatory use of data

  • Support in designing explainable AI systems that respect automated decision-making rights

Privacy–Innovation Interface

  • Identification of opportunities to leverage data in AI projects without compromising privacy protections

Operational Approach

Initial Assessment

  • Evaluation of client-specific needs and mapping of data processing activities

  • Risk–opportunity analysis for both personal and non-personal data

Solution Design

  • Tailored strategies to ensure both data protection and value generation

  • Drafting of legal and operational tools (policies, contracts, protocols)

Implementation and Training

  • Support throughout the implementation phase

  • Corporate training on legal frameworks, technology, and best practices

Ongoing Monitoring

  • Periodic compliance checks and impact reviews

  • Updates to policies in response to regulatory or technological developments

ALL ACTIVITY AREAS