Personal data protection (GDPR)
Adequate personal data protection is an essential challenge for our clients. The provisions of the EU General Data Protection Regulation (GDPR) and the new Polish Act on Personal Data Protection of 10 May 2018 gave rise to new obligations and triggered numerous questions among entrepreneurs and data subjects.
During the last 2 years, which was the period of preparation for the GDPR’s entry into force, we carried out several dozen audits and personal data system deployments at clients operating in the IT, automotive, medical service, waste management, energy, steel and food sectors, as well as at smaller clients wanting to ensure adequate security of data processing.
We perform personal data audits involving:
- identification of the personal data subject to processing,
- verification of the processing procedures, which includes checking the legality (legal basis) of data processing,
- review of personal data protection documentation in terms of its up-to-date status and compliance,
- review of the security procedures in place,
- verification of contracts under which personal data are made accessible to third parties,
- evaluation of the need to appoint a data protection officer.
We advise on adequate data protection measures, which includes:
- preparation and update of the internal documentation for personal data processing, including the data security policies and IT system management instructions,
- presentation of solutions for secure and legal transfer of personal data abroad (also to third countries which do not provide an adequate level of data protection), and for implementation of the Binding Corporate Rules and Standard Contractual Clauses,
- negotiation, preparation and evaluation of contracts and contractual clauses related to personal data processing,
- preparation of privacy policies for website service users, as well as notifications, information, draft consents and data processing statements,
- advice on breaches of personal data protection (data “leaks” and breach notifications to the supervisory authority) and data protection during internal proceedings (e.g. FCPA, competition law audits),
- representation of clients during inspection and audit procedures as well as during court and administrative proceedings,
- training of personnel responsible for personal data protection in companies.