Service

GDPR Data Protection Officer

With our own professional team, we will provide you with the all-inclusive service of a data protection officer who is fully qualified to perform this role under the conditions laid down in Article 37 of GDPR. Under the Regulation, controllers are required to mandate a data protection officer. However, controllers who do not meet such conditions may decide to designate a data protection officer.

The data protection officer will help controllers constantly monitor the compliance of the procedures in the handling of personal data in their organisation. This service includes the performance of all legal obligations as imposed on the data protection officer by GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. We have extended the DPO service to include inspection activities and regular supervision of personal data protection. Put simply, we can say that the data protection officer ensures regular monitoring of the compliance of the processing of personal data.

This service includes a process set up to achieve our client's compliance with the GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. Thanks to the steps below, the processes and matters of personal data protection in your company will be handled in a simpler and easier way:

1) An analysis of the state of personal data protection and identification of all operations concerning personal data.

Such an analysis of the state of personal data protection with respect to GDPR is essential in order for processes to be set correctly. Based on a thorough analysis we will be able to:

  • map the flow of personal data and define all operations performed upon personal data,
  • define third parties to whom personal data is provided (under a contract or under a legal obligation),
  • identify the categories of personal data you handle (normal personal data or sensitive personal data),
  • determine whether you have adequate personal data protection in place in terms of security of personnel, buildings/facilities, and IT.

2) Developing a full set of all necessary documents to ensure compliance with GDPR.

After the initial analysis, it is necessary to prepare all documents and forms defining all flows of personal data and processes designed to ensure the protection of personal data. The documentation shall include the following:

  • Risk Analysis that contains a quantification of all possible threats and impacts on personal data processing.
  • Security Policy that describes the basic safety precautions necessary to maintain the integrity of personal data.
  • Guidelines that serve to guide people who work with personal data, containing a description of procedures to handle personal data or to act in different situations, such as when providing information to data subjects or in the event of security incidents.
  • Processing contracts for processors, which are used to ensure the protection of personal data when providing data for processing to another controller. These model contracts are prepared separately for each processor, based on the type of service that the processor renders to the controller.
  • Information obligation for you to inform all data subjects of which personal data concerning them you process, to whom you provide the data, and of the rights of the data subjects.
  • All necessary forms – consents, authorisations, records, etc. These documents are tailored for each client depending on the purpose and processing of personal data.

3) Implementing GDPR, which we consider one of the most important activities in the provision of our services.

We will help you put the analysis and all the documents into practice. Setting up the protection of personal data is not just writing down the steps on paper, but mainly configuring the personal data protection system by adopting certain security measures within the framework of:

  • Building security – we can help you with designing a solution to improve the protection of personal data for the specific categories of processed data (payroll, accounting, medical records, video surveillance system, registry etc.),
  • Personnel Security – we will train all your employees on how to proceed with the processing of personal data, how to protect such data and how to prevent security incidents, or on the proper procedures in collecting and providing information on the processing of personal data,
  • IT security – we will help you with the design of safety measures in cyberspace and educate authorised persons in the field of social engineering so that personal data of data subjects are protected in this area, too.

4) Regular care, advice, consulting.

Personal data protection spans a broad range of issues and advances constantly. Regular advice from the data protection officer will relieve you of the burden of watching for new guidelines and revisions of laws. Your assigned data protection officer will monitor all changes in the area of personal data protection, prepare the necessary forms accordingly, and keep you informed about current events in the area of personal data protection. The data protection officer will also perform periodic inspections and training activities in your organisation at agreed intervals to prevent any potential errors in the processing of personal data.

If you decide to expand your portfolio of services, with a data protection officer you can be sure that any new processing of personal data will be compliant with the current legislation.
