Data protection and privacy
Data protection is an area whose importance has been rapidly growing over the past years. Increasingly, compliance with the relevant regulations, including GDPR, is subject to scrutiny not only by public administrations but also by business partners. It is even more important when we take into account the fact that the majority of ongoing projects, particularly those related to new technologies, will process personal data.
In this area we offer:
- conducting audits in which we identify processes related to data processing in the organisation, as well as verify the legality of the practices in place, including a basis for processing, proper securing of data, the principles of sharing/trusting data to third parties, designating a Personal Data Protection Officer, and the proper implementation of the principle of accountability (concerning the proper documentation of obligations fulfilment under GDPR).
- drafting documents or verifying the correctness of existing documentation, including the register of processing activities, as well as related policies and procedures (e.g. web shop privacy policies, cookie policies, etc.).
- daily advisory services, consisting of issuing opinions on data protection regulations, advising on current issues, informing about changes in the applicable regulations, etc.
- representing clients in proceedings related to personal data protection, including the proceedings before the President of the Personal Data Protection Office
- providing assistance in responding to requests from individuals concerning, among others, the information on the scope of data processed, deletion of data, etc.
- managing response to personal data protection incidents, including the implementation of remedial measures as well as possible notifications of incidents to the competent supervisory authorities (the President of the Personal Data Protection Office) or to the injured party.
- drafting data processing agreements (including processing entrustment agreements, data sharing agreements, binding corporate rules, etc.), as well as representing clients during negotiations of similar agreements.
- acting as a Data Protection Officer
- conducting training sessions on demand related to GDPR (e.g. training courses for managers, the HR department, employees performing data processing activities, etc.).