Universal application 2 conduct Privacy Impact Assessment analysis and reports

Periodic Reporting for period 1 - U2PIA (Universal application 2 conduct Privacy Impact Assessment analysis and reports)

Reporting period: 2016-11-01 to 2017-03-31

Nier Soluzioni Informatiche is an innovative software company that has operated since 2002 in the fields of security compliance, privacy compliance, and counselling on the protection of personal information, in collaboration with law firms. We have a strong history and capacity to develop new products and services (~10% revenue growth), ~€4,1M turnover in 2015 with currently 80 employees, established commercialization channels, and a large customer base of both private companies and public entities.
With the support of Orlandi & Partners Studio Legale, renowned legal experts focused on privacy and data protection who bring deep expertise in legal privacy matters, we are launching U2PIA, a disruptive cloud platform designed to enable in-depth analysis of the risks to which Personal Data are subject through a Privacy Impact Assessment (PIA). Our platform will address the requirements of the mandatory European regulation (approved on 2016-04-14, all EU member countries must have transposed it by 2018-05-06, and it shall apply from 2018-05-25), helping organisations avoid the huge penalties and severe sanctions they could suffer if they do not carry out this assessment properly (failure to comply exposes the manager to the risk of a sanction of up to 20 million euros or, if higher, up to 4% of annual worldwide turnover).
To assess the technical viability of U2PIA, we have:
• Established a development and testing methodology that maximises reliability and user engagement.
• Deployed a development and testing infrastructure following the agile development methodology.
• Planned our future DevOps (development operations) infrastructure architecture, which will allow us to maintain 3 different versions of our solution at 3 different sites: (1) production site; (2) internal testing site; and (3) internal development site.
• Defined the final version of our multi-tenant architecture.
• Advanced the development of each of the layers of our solution and prepared the next steps, identifying both the resources and the development time needed to complete our solution, including a preliminary budget.
• Identified the main development risks and defined mitigation measures and contingency strategies.
• Finally, defined our needs regarding the recruitment process to strengthen our team and implement the devised developments to finalise U2PIA.

To assess the commercial and financial viability, we have:
• Carried out a thorough market study, and established our total available market (TAM), our potential market and the primary segments to focus on during the first 5 years of business.
• Run a market survey among a set of representative end-users of each of the targeted primary segments to further adapt our tool to each user profile and to real users’ needs.
• Recruited the support of a set of representative end-users that will help us test our solution and validate the final commercial version.
• Defined a strategy that maximises our strengths to fully leverage the immense opportunity coming from this EU-wide need to realise PIAs.
• Built a preliminary commercialization and marketing plan (including SEO/SEM actions), accurately determining margin, price strategy, distribution channels, partnerships, including a preliminary estimation of the budget for commercialisation and exploitation actions.
• Defined our IPR strategy and carried out freedom-to-operate studies, executing several measures to protect our IP rights and guarantee full freedom to commercialise U2PIA.
• Finally, identified the main commercialisation risks, setting mitigation measures and contingency strategies.

To assess the financial viability of our project, we have:
• Elaborated trading projections for different scenarios (worst-case and realistic), paying attention to a well-defined cost structure; these projections validate both the financial and the business viability of U2PIA even in the worst-case scenario.
• Elaborated the overall budget for executing both Phase-2 and the subsequent Phase-3 (commercialisation), and validated that we have all the necessary human and material resources.
U2PIA addresses the EU goal of accelerating the realisation of PIAs with a simple, didactic and affordable cloud-based tool that has no competitors as of today, pushing small and medium enterprises towards compliance with the new EU directive. Moreover, we effectively address the demand coming from more than 20 million SMEs in Europe in need of such a tool, with a wide portfolio of solutions adapted to each targeted segment (DPOs/Consultants, SMEs, Public Instances) and its specific needs and budget limitations.
The U2PIA business opportunity will let us monetize our knowledge in ICT risk and privacy assessments through a full portfolio of B2B services customised for each segment. We value this opportunity at a European Total Available Market of 200,000+ public instances, 250,000+ consultants and DPOs (Data Protection Officers) and 21 million private companies, all of them in need of affordable and educational ICT risk assessment tools valid to perform the mandatory PIA.