Month: November 2023

Italian companies’ law: division by separation

Posted on by Lorenzo Princivalle

Transposition of the Directive (EU) 2019/2121 in Italy

Italy has recently transposed the Directive (EU) 2019/2121 of 27 November 2019 (amending Directive (EU) 2017/1132 as regards cross-border conversions, mergers and divisions), setting forth, inter alia, the rules governing the division by separation (scissione mediante scorporo).

Forms of company division available before the transposition

Until the transposition of Directive (EU) 2019/2121, the Italian law regulated only two kinds of company division:

  • Full division
  • Partial division

In case of a full division (scissione totale), a company, on – usually – being dissolved without going into liquidation, transfers all its assets and liabilities to two or more recipient companies, in exchange for the issue to the members of the company being divided of securities or shares in the recipient companies.

In case of a partial division (scissione parziale), a company transfers part of its assets and liabilities to one or more recipient companies, in exchange for the issue to the members of the company being divided of securities or shares in the recipient companies, and, under certain circumstances, in the company being divided or in both the recipient companies and the company being divided.

Division by separation

When a division by separation (scissione mediante scorporo) occurs, a company being divided transfers part of its assets and liabilities to one or more newly formed recipient companies, in exchange for the issue to the company being divided of securities or shares in the recipient companies.

More in details, the new rules have been enacted by implementing the Italian Civil Code with article 2506.1, headed ‘Scissione mediante scorporo’.

Furthermore, it has been discussed whether the company being divided can assign all of its assets and liabilities to the recipient company(ies). The prevalent opinion is that only part of the assets and liabilities can be assigned, thus sticking to the literal meaning of article 2506.1: if all the assets and liabilities were transferred, the transaction should be considered a contribution in kind (conferimento).

In addition, it is important to note that recipient company(ies) have to be newly formed and cannot pre-exist the division.

ENISA’s Data Processing Risk Analysis Method

Posted on by Valentina Apruzzi

Data processing is a critical aspect of business operations in the digital age. Protecting sensitive information and ensuring data privacy is of paramount importance. The European Union Agency for Cybersecurity (ENISA) offers a comprehensive risk analysis method to help organizations assess and manage data processing risks. Hereby we will describe the ENISA’s approach and explain how it can be a valuable tool for safeguarding data.

What is ENISA?

ENISA, the European Union Agency for Cybersecurity, plays a pivotal role in enhancing the overall cybersecurity posture of EU member states. One of their key contributions is the development of guidelines and methodologies for various aspects of cybersecurity, including data protection.

ENISA’s Data Processing Risk Analysis Method

ENISA’s method for analyzing data processing risks is a structured approach designed to help organizations understand the threats and vulnerabilities associated with their data processing activities. It consists of the following key steps:

Data Mapping:

Identify and document the types of data your organization processes.
Determine where the data is stored, how it’s collected, and who has access to it.

Risk Assessment:

Assess the potential risks and threats that could impact the confidentiality, integrity, and availability of the data (CIA). Consider factors such as data breaches, unauthorized access, data loss, and compliance infringements.

Risk Identification:

Identify vulnerabilities in your data processing systems.
Pinpoint external threats and internal risks, such as human error or technical failures.

Risk Evaluation:

Evaluate the potential impact and likelihood of each risk.
Prioritize risks based on their significance and potential consequences.

Risk Mitigation:

Develop and implement security measures to reduce the identified risks.
This may include encryption, access controls, regular audits, and employee training.

Continuous Monitoring:

Regularly monitor your data processing activities and risk mitigation measures.
Adapt and update your risk analysis as new threats emerge or the business environment changes.

Reasons to use ENISA’s Data Processing Risk Analysis Method

ENISA’s approach is invaluable for several reasons.

Legal Compliance: It helps organizations comply with the EU’s General Data Protection Regulation (GDPR) and other data protection laws.

Proactive Risk Management: By identifying and mitigating risks in advance, organizations can prevent data breaches and costly legal consequences.

Enhanced Data Security: The method ensures data is stored and processed securely, protecting both the organization and its data subjects.

Data subject trust: By taking data protection seriously, organizations can build a strong relationship based on trust with their customers and partners.

Conclusion

ENISA’s data processing risk analysis method is a valuable tool for small and medium size organizations seeking to protect sensitive information and comply with data protection regulations. By following this structured approach, businesses can systematically identify and mitigate data processing risks, ensuring the security and privacy of the data they handle. In an era where data is a critical asset, ENISA’s methodology is a proactive step towards safeguarding it.