ODV and DPO function


The Supervisory Body 231 is an essential component in organization and management models (so-called “MOG”).

The importance of the office requires compliance with certain requirements, such as autonomy, independence, professionalism, continuity of action and integrity.

In compliance with the Legislative Decree no. 231/2001, the Supervisory Body is entrusted with the following tasks:

  • Supervise the effectiveness of the “MOG” and its correct application, as well as all the protocols and procedures envisaged by the same, in such a way as to guarantee consistency between concrete behaviors and the Established Model;
  • Critically use the information flows envisaged by the Model for supervisory purposes;
  • Analyze the maintenance over time of the solidity and functionality requirements of the “MOG”;
  • Take care of the necessary dynamic updating of the Model, in the hypothesis in which the analysis carried out make it necessary to make corrections and adjustments, through the formulation of proposals to the Administrative Body for any adjustments to the Model that may become necessary as a result of: i) significant violations of the prescriptions of the model; ii) regulatory changes; iii) significant changes to the internal structure of the company and/or business activities;
  • Ensure any violations of the Model that may give rise to liability for the entity, and report the results of the aforementioned investigations to the Administrative Body;
  • Manage or monitor training and information initiatives for the dissemination of knowledge and understanding of the Model by the related recipients.

The GTA Law Firm is able to support its customers by covering this role with its own specifically trained professionals.


The Data Protection Officer is a figure introduced in Italy by the “GDPR” – European Regulation on the protection of personal data no. 2016/679 – with legal, risk management and process analysis skills.

His role is to monitor compliance with the Regulation, supporting companies with specific knowledge in order to improve the level of compliance with the legislation and mitigate the risks also in relation to the heavy penalties provided for by the Regulation.

In particular, the DPO has the duty to verify the attribution of responsibilities, the awareness and training of the personnel who participate in the processing and related control activities. The DPO cooperates and acts as a point of contact with the supervisory authority (Italian Data Protection Authority, so-called “Garante Italiano per la Protezione dei dati personali”). The GTA Law Firm is able to support its customers by covering this role with its own specifically trained professionals.