General Data Protection Regulation

How do you approach the GDPR in a complex world with many processing activities?
Why is Data Governance key to GDPR?
What steps do you take after drafting there the register of processing activities?
What tasks concern the DPO? What tools are useful for carrying out these tasks?
How do you manage practically compliance of personal data retention time?
Is it possible to mechanize the generation of power of attorney to Managers? Can the managers and sub-managers chain be tracked?
Can you create a management flow of the rights of data subjects and automate consent management?
If you share data with countries outside the European Union, do you have to keep track of it?
What steps do you follow if you have incur in data breach?
Is a strategic and organized data management approach as well as an automatic approval workflow recommended to reduce risks?
How can you ensure long-term regulatory compliance?


These are just some of the questions that must be answered to set up a data protection system.

GDPR adoption is a real revolution for companies that will require time and resources to achieve full application. It is an important turning point; an evolution that will protect us as the road code safeguards us when we drive or walk through the city streets.

Do you want to know how BCC Rome and other 120 Mutual Banks have undertaken the path towards GDPR compliance with the help of Irion?

Hear what Emanuele Coletto – DPO of BCC Rome has to say at the “Banca 4.0? Then IT 5.0” event, organized by AbiLab. Don’t miss it!

The following videos illustrate our view on Data Masking and how to structure processing activities that can be the crucial for adapting to GDPR  data management processes compliance.

Irion GDPR inmplementation phases

Irion offers a complete and organized module solution to guide you towards optimal regulatory compliance path to mange both the GDPR intrinsic complexity and overall privacy legislation, which in addition to the GDPR includes – for example – provisions of Guarantor Authority, residual parts of the Privacy Code and laws that interact with these issues, both national (eg telemarketing) and European.

The right GDPR privacy management to guarantee long-term compliance: this implies a flexible system able to adapt to both business as well a legislative changes. Therefore, be it from the point of view of the processing activities active subject and that of the person performing the checks, it is very important to have the support of an tool capable of showing simultaneous involvement of the various entities (processing activities, security measures, personal data) to different sets and with different degrees of involvement for effective support in the implementation of requirements in their continuous management in  related compliance verification.





Governance and Classification

Generation of the treatment register and management of the related governance (actors and
• Impact assessment on data protection and risk mapping.
• Classification of personal data, processes and systems based on the GDPR criteria and with a view to
• Integration of personal data management into the broader governance system of
data and processes.
• Management of a sufficient set of metadata and functionality of lineage to govern
the processes relating to the rights of the data subject (oblivion, portability, retention limits, …) and to
anticipated obligations (Data breach).
• Implementation of risk and performance monitoring indicators (KRI / KPI) with focus
directed to issues related to GDPR.

Discovery and Monitoring

Strumenti di supporto alla fase di assessment e all’individuazione dei dati personali nel
landscape dei sistemi.
• Browsing e analisi dei dati mediante euristiche e regole di pattern matching atte ad
individuare eventuali dati sensibili in tabelle, flussi.
• Integrazione con i sistemi di governance (v. sopra) per garantire una opportuna sinergia
nelle fasi di inizializzazione, verifica e aggiornamento.

Data Quality

Implementation of rules and controls to verify the accuracy and correctness of the data.
• Relevance and completeness checks.
• Controls to support processes related to the rights of the interested party and related execution parameters.

Data and Workflow Management

• Pseudonymisation and anonymisation of data (Data Masking).
• Exercise of the processes related to the rights of the interested party.
• Orchestration and automation of tasks, integration of human tasks in the process.
• Alerting and notification.
• Exercise of data management activities (cancellation, update, archiving, …).


Simple Compliance

Easily achieve compliance and meet all deadlines by providing supervisors and managers with a trackable, measurable system.

Reduced Data Gaps

Leverage our solution automation & Data Quality capabilities to dramatically reduce the gap between your GDPR data requirements and the business advantage you need to maintain.

Increase Efficiency

Increase your organizational efficiency. With Irion clear understanding on your organizations governance structure allows you to understand exactly which data you need for GDPR compliance so you can connect it to other data you need in further processes.

“Since implementing our Irion solution we now have an automated, flexible and high performance system for risk analysis and regulatory compliance, increasing the understanding of our data and allowing for better decision making”
— Finance and Compliance Manager, International Bank Group