PERSONAL DATA PROTECTION
Personal data are being processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”). Divides processors into various groups, out of which arises different obligations. Personal data protection falls in the area of maintaining basic human rights and freedoms. To data processors arises a number of duties associated with the data protection.
Developing security measures
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the right and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The result of the measures is:
The result of the measures is:
-
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
-
ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
Our services
Position of
Data Protection Officer
(Art.32 GDPR)
Data Protection Officer (DPO) play a key role in your organization`s data protection governance structure. Persons authorized by us are highly qualified professionals with many years of experience with auditing informational systems and assessing risks. They are trained in both national and European law of data protection and its application in practice.
Data Protection Officer (DPO) play a key role in your organization`s data protection governance structure. Persons authorized by us are highly qualified professionals with many years of experience with auditing informational systems and assessing risks. They are trained in both national and European law of data protection and its application in practice.
Data Protection
Impact Assessment
(Art.35 GDPR)
Data Protection Impact (DPIA) is required for systematic personal data processing, which is based on automated data processing, processing of specific categories of personal data in large quantities and systematic monitoring publicly accessible places in large scale.
Data Protection Impact (DPIA) is required for systematic personal data processing, which is based on automated data processing, processing of specific categories of personal data in large quantities and systematic monitoring publicly accessible places in large scale.
Development of Data
Processing Agreements
(Art.28 GDPR)
Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
Other services
- Personal data breach
(Art.33 and 34 GDPR) - Proportionality test
(Art.6(1)(F) GDPR) - Representation of controllers
(Art.27 GDPR) - Certifications
(Art.42 GDPR) - Expert and legal advice
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.
We will provide:
-
cooperation in case of handling an incident and proposing adequate measures
-
processing a notice of personal data breach for the Office for Personal Data Protection
- processing a notice of personal data breach for data subjects
-
cooperation with the Office for Personal Data Protection
We will design:
- internal procedures that provide general principles and responses to a violation of privacy (data breach)
Personal data processing shall be judged in relation to its purpose. Proportionality tests are needed to be done in case the processing is based on legitimate interests (within the meaning of article 6 section 1, letter f, which controls the controller or the third party).
This does not apply to the processing conducted by the public authorities carrying out their responsibilities.
In accordance with the required provisions of GDPR and valid law we will:
In accordance with the required provisions of GDPR and valid law we will:
- asses the legitimacy of the legal basis for the processing of personal data
- perform proportionality tests, which will assess the suitability, necessity and the adequacy of processing of personal data with respect to the compliance with the data subject’s fundamental rights and freedoms
This applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
Controllers and processors can, in the field of data protection, create certification mechanisms for the purpose of demonstrating compliance with Regulation of processing operations.
Certification is possible after completion of required criteria approved by a competent surveillance authority.
Our professional consultants will provide you with all the needed information regarding certification of your products and services. They will guide you through the whole preparation process to the successful certification.
Certification is possible after completion of required criteria approved by a competent surveillance authority.
Our professional consultants will provide you with all the needed information regarding certification of your products and services. They will guide you through the whole preparation process to the successful certification.
Personal data can be processed only in the manner established by the GDPR regulation or by the valid law, so the fundamental rights and freedoms of a data subjects are not violated. Most importantly their right to dignity and the right to privacy.
Within our activities we offer the following services:
Within our activities we offer the following services:
-
In case you process personal data of natural persons
-
Consultancy in the field of personal data protection.
-
Cooperation in case of a control by Surveillance Authority.
-
Representing before the Surveillance Authority.
-
Consultancy in case of a cross-border transfer of personal data.
-
Consultancy in case of a transfer of personal data to third countries..
-
Elaboration of a consent to the processing of personal data.
-
Elaboration of contract between the controller and the processor.
-
Elaboration of general rules of personal data protection for e-shops, web portals, club memberships (Club cards), etc.
-
Elaboration of internal Binding Corporate Rules.
-
Elaboration of contractual clauses.
-
Elaboration of Code of Conduct.
-
-
In case you are a natural person
-
Filing an application for the protection of personal data.
-
Filing a Call for Input.
-
Filing of remedies.
-
0
Clients in EU
0
Data protection officer
0
We are in countries
