A continuously updated specialised team, for a constantly evolving matter

Legance combines in-depth knowledge of the topic, with the ability to assess individual cases on a multidisciplinary basis.

The Firm provides detailed analysis of all issues regarding data regulations, and their implications in the various areas of interest, such as labour law, corporate law, consumer law, compliance, antitrust, and cybersecurity

Our advice covers all issues related to data laws with particular attention to those dealing with the GDPR, the Italian Privacy Act, the Cybersecurity Legislation, the management and implementation of data protection schemes and Artificial Intelligence and the implications of disciplines such as the Data Act and the Data Governance Act.

We also assist clients in the development of their internal privacy organisational chart, in the review and drafting of the mandatory documentation and legal instruments, including data processing agreements and joint controllership agreements, in the privacy assessments such as the LIA and the DPIA, in the assessments and execution of legal duties in case of data breaches or cyber attacks and in drafting and/or reviewing data sharing agreements, transitional service agreements, data migration plans, etc.

Besides supporting clients with any claim before the Italian data protection Authority and/or Civil Courts, the team provides training sessions to keep clients up to date on such an important but ever-changing subject, including artificial intelligence, new legislation on life sciences and clinical trials, recently enacted cybersecurity regulations, etc.


  • support in the development of an internal privacy organizational chart and analysis of the possible need for appointment of a Data Protection Officer (DPO); assistance on data related matters in the context of M&A transactions (due diligence on data protection and cybersecurity matters, risk assessments, R&W on data matters, drafting of the contractual arrangements related to data management, support in the negotiation of the W&I etc.)
  • revision and drafting of contractual arrangements related to data and data governance (transitional services agreements, data migration agreements, data processing agreements, joint controllership agreements, T&Cs etc.)
  • revision and drafting of the relevant compliance documentation in the field of data protection (internal policies and procedures, information notices, records of processing activities, legitimate interest assessments etc.);
  • assessment of  the legitimacy of the data processing activities, including the carrying out of data protection impact assessments (DPIAs);
  • analysis of legal themes involving profiling, automated decisions, cloud computing, internet of things, background checks;
  • support and advice in all aspects of data protection law, including data security and data breach, retention policy, data transfers outside the European Union, employees’ monitoring activity, geolocation activity, clinical trials and privacy in health and social care;
  • support in any legal action before the Italian data protection authority and/or Civil Courts;
  • training sessions.