How can we help your business to comply with GDPR?
1.Legal analysis of the personal data processing, including:
1.Legal analysis of the personal data processing, including:
– Subject of activity, employee/ workers, clients/ partners;
– Type of personal data, subject to processing;
– Grounds of processing;
– Existence of registration as Controller of personal data;
– Analysis of personal data exchange systems;
– Analysis and audits of the existing rules for handling personal data.
2. On the basis of the analysis under item 1, we will prepare a Compliance Report, that will determine the nature, scope and purpose of the personal data processing and will provide recommendations on the possible legal grounds for lawful personal data processing. We will also identify the new requirements in view of the specifics of your activity, including in the case of processing special categories of personal data or/and cases of cross-border data transfers.
2. On the basis of the analysis under item 1, we will prepare a Compliance Report, that will determine the nature, scope and purpose of the personal data processing and will provide recommendations on the possible legal grounds for lawful personal data processing. We will also identify the new requirements in view of the specifics of your activity, including in the case of processing special categories of personal data or/and cases of cross-border data transfers.
3. On the basis of the analysis under item 1, we will assess whether you should appoint a Personal Data Protection Officer.
4. On the basis Compliance Report, we will prepare the necessary legal/ internal documentation to comply with GDPR, such as:
– Forms for providing information;
– Consent of the data subjects;
– Agreement between Processor and Controller under GDPR meaning;
– Company policy for documents turnover and personal data protection, Code of Conduct;
– Personal data protection clauses for employments contracts, annexes and job descriptions;
– Internal procedures for the reception, consideration and response within one month of individuals’ requests for the exercises of their rights as data subjects and the establishment of an organization for their implementation in practice;
– Internal procedures for personal data breach action plan to comply with the obligation to inform the Data Protection Commission within 72 hours of becoming aware of the violation;
– Internal register of the personal data processing.