Compliance without panic, contracts without surprises.
When an OakNet client needs an external DPO appointment, a GDPR audit on internal processes, or an opinion on a cloud contract, we connect them with the firm. For more technical cases (a data breach, an inspection by the Garante) we hold a three-way meeting. Lean process, no extra-long invoices.
The services we get asked for most.
DPO appointment + monitoring
Official appointment, processing register review, training, annual audit.
Privacy assessment
Processing mapping, gap analysis, compliance plan.
Contracts & legal review
Review of cloud, SaaS, data processing agreements with foreign suppliers.
NIS2 compliance
NIS2 scope analysis, security measures, risk management and incident notification duties. Data protection aligned with the Garante's requirements.
Technical triage, legal support.
Sure you're compliant?
Active company, never made compliant
You've operated for years with no processing register or up-to-date privacy notices. If the Garante inspects, fines start in the thousands of euro, even if nothing happened. We get you compliant before it does.
Garante complaint or inspection
It takes one ex-employee or client filing a complaint. With no register, appointments or notices you answer empty-handed, with an open inquiry and a likely fine. We prepare the paperwork before it's needed.
Active data breach
An attack or an email in the wrong hands: you have 72 hours to notify the Garante, or your position worsens. OakNet technical triage + TDZ legal support within 24h to handle it in time.
Data collected without realising
Website forms, newsletters, CCTV, the management system with client data: each is a processing activity to declare. If it isn't, you're exposed. We map it all and bring you into compliance.