Diletta is an associate in the firm’s global Cybersecurity and Data Privacy practice. She works in the Brussels office.
Diletta assists organizations in complying with existing EU and national cybersecurity and privacy laws, such as NIS Directive & GDPR or the Cybersecurity Act and with upcoming developments, such as the ePrivacy Regulation. She assists clients in implementing compliance programs (and the training of staff post implementation of such programs), developing global data transfers mechanisms and the negotiation of data processing agreements. She has specific experience in developing incident management policies and procedures and in handling incidents in a cross border context (taking into account multiple cybersecurity, privacy and other regulatory frameworks, such as NIS and PSD2). She is also active on the transactional side (from cybersecurity and data privacy due diligence to audits and negotiations in the course of M&A operations).
Diletta regularly publishes articles on those matters and is a speaker on such topics. She is a member of the International Association of Privacy Professionals (IAPP) and serves as Young Privacy Professional Leader for the Brussels KnowledgeNet Chapter. She is active in the Digital Economy Committee at AmCham EU.
Diletta is CIPP/E certified by IAPP and holds the Data Protection Officer Certificate from Maastricht University and a Master of Laws degree in European Union Law from the College of Europe, where she wrote her master thesis on GDPR and its twofold impact on business activities and data subjects' rights.
Diletta is fluent in English and French, in addition to her native Italian.
- Represented a major insurance group in its integration of EU operations from a cybersecurity and data privacy point of view.
- Assisted a regulated institution in the management, follow up and remediation of a data breach. The representation includes dealing with cross-border regulatory context.
- Counselled a chemical manufacturer in the privacy aspects of the deployment of a whistleblowing hotline solution.
- Advised on a pro bono basis the Red Cross EU Office, the European Council on Refugees and Exiles, Medair, and the International Lesbian, Gay, Trans & Intersex Association in the review of their data mapping, legal basis for processing, privacy notices, privacy policies and in their vendor remediation exercise.
- Represented clients in the cybersecurity and data privacy aspects of due diligence, SPA negotiation and integration.
- Counselled a Chinese financial institution in relation to the technical standards, organizational measures and incident reporting under the PSD2 and the interplay with GDPR and national laws implementing the NIS Directive.
- Assisted US B2B marketing companies, email service providers, payment services providers, actor of the entertainment industry in assessing the impact of GDPR on their operations.
- Represented an hospitality client in the management of a high profile data breach taking place at the level of its booking platform.
- Counselled an international financial service institution in designing and implementing a cloud-based SaaS monitoring tool aiming to protect the integrity of its systems and networks.
- Advised the United Nations regarding international legal issues related to e-evidence and processing of personal data for law enforcement purposes.
- Represented an Italian brand of shoes and clothing in its GDPR readiness exercise and in navigating the changes of the CCTV legislation post GDPR in multiple countries.
- Assisted a global company providing payment solutions for e-commerce app in assessing its role (data controller/data processor) and related requirements under GDPR.
- Advised clients in a number of industries such as financial, marketing, insurance, in the drafting and negotiation of Art. 28 GDPR data processing agreements, representing both controllers and processors.
- Represented a leading supplier of automotive parts in dealing with the data privacy aspects of its global HR management and operations. The representation includes the assessment of the role of various group entities and in analyzing appropriate data transfer mechanisms to support the exchange of data necessary for staff appraisal.
- Developed a structured approach to GDPR compliance for several trade associations in multiple EU countries.
- Contributed to the HTNG Working Group on GDPR. The outcome is a White Paper and Self-Assessment Tool adopted in March 2018. The White Paper describes key considerations of GDP for the hospitality industry. The Assessment Tool aims to help professionals in the industry to evaluate their company's ability to comply with the new regulation. Over 50 companies (from hotel brands, to software companies) participated in HTNG's GDPR for Hospitality Workgroup.
Certified Information Privacy Professional/Europe (CIPP/E)
University of Maastricht (the Netherlands), Data Protection Officer Certification
College of Europe , Master of Laws
Salento University, Italy, LLB, cum laude
- Ordine Avvocati di Lecce (Italy)
- Young Privacy Professional Leader for the International Association of Privacy Professionals (IAPP) Brussels KnowledgeNet Chapter
- Member of IAPP
- Member of AmCham EU Digital Economy Committee