Personal data protection (GDPR)
Adequate personal data protection is an essential challenge for a number of our clients, especially during the period before May 2018, when the EU General Data Protection Regulation (GDPR) comes into force. KSP offers legal support in implementing new data security systems by:
Carrying out personal data audits which involve:
- identification of filing systems of processed data,
- verification of the processing procedures, which includes checking the legality of data processing and risks involved,
- review of personal data protection documentation in terms of its up-to-date status and compliance,
- review of the security procedures applied,
- verification of contracts under which personal data are made accessible to third parties,
- preparation of an audit report which includes final findings and recommendations,
- implementation of solutions agreed with the client, as the final stage of the process.
Advising on adequate data protection measures, which includes:
- preparation and update of internal documentation for personal data processing, including the data security policy and IT system management instruction,
- presentation of solutions for secure and legal transfer of personal data abroad (also to third countries which do not provide an adequate level of data protection), and for implementation of the Binding Corporate Rules and Standard Contractual Clauses,
- negotiation, preparation and evaluation of contracts and contractual clauses related to personal data processing,
- preparation of privacy policies for website service users, as well as notification, information, draft consents and data processing statements,
- advice on infringements of personal data security (data “leaks”) and data protection during internal proceedings (e.g. FCPA, competition law audits),
- representation of clients during inspection procedures before the Inspector General for Personal Data Protection as well as during court and administrative proceedings,
- training of personal data controllers, information safety administrators and other staff members on personal data security.
Compliance with the requirements laid down in the GDPR can be verified and enforced starting on 25 May 2018. Infringement of personal data regulations may lead to imposition of a fine of up to EUR 20 million or 4% of the annual global turnover of an entrepreneur.
With a view to the foregoing, KSP experts have prepared a series of articles published on our blog dedicated to law and intellectual property, which describe the changes introduced by the GDPR. Their purpose is to facilitate preparation for implementation of the new requirements in enterprises: http://ksplegal.pl/blog-o-prawie/?kategoria=dane-osobowe (in Polish).