GDPR Security Documentation
Our role in the provision of services is also developing a full set of security-related documentation tailor-made for each client containing all the information required in accordance with the Regulation of the European Parliament and the EU Council 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the Act No. 18/2018 Z. z. on Personal Data Protection and on Amendments to Certain Acts. An all-inclusive and high-quality documentation requires:
1) An analysis of the state of protection of personal data and identification of all operations of personal data, which is the basis for correct setting of processes to ensure compliance with GDPR. Based on a thorough analysis we will know how to:
- map the flow of personal data,
- identify the categories of personal data you handle (normal or sensitive personal data),
- define all operations performed upon personal data,
- define third parties to whom personal data is provided, whether by contract or under a legal obligation.
- determine whether you have adequate personal data protection in place in terms of security of personnel, buildings/facilities, and IT.
2) Preparation of all necessary documents to ensure compliance with GDPR defining all processes for handling personal data and processes designed to ensure the security of personal data. The documentation shall include the following:
- Risk Analysis containing quantification of any potential threats and impacts on the protection of personal data,
- Security Policy describing the basic safety precautions necessary to maintain the integrity of personal data,
- Guidelines serving to guide people who work with personal data, containing a description of procedures to handle personal data in different situations (provision of information to data subjects, or in the event of security incidents),
- Information obligation, customised for you to use it to inform all data subjects of which personal data concerning them you process, to whom you provide the data, and of the rights of the data subjects,
- Contracts of processing used to ensure the protection of personal data when providing data for processing to another controller. These model contracts are prepared individually for each processor, based on the type of service that the processor renders to the controller.
- All necessary forms customised to the purpose and the processing of personal data (consents, authorisations, records, etc.).
