The personal data protection service is important for several reasons. Personal data is a valuable asset for many organizations, but its processing also brings certain risks and responsibilities. The protection of personal data is becoming increasingly important due to the growing number of cyber threats and attacks that aim to obtain or misuse this data. Organizations that do not ensure the processing of personal data in accordance with applicable legal regulations may face serious consequences such as fines, loss of credibility and reputation, as well as legal proceedings. Providing personal data protection services helps organizations ensure that their work with personal data complies with applicable laws and standards. In this way, organizations can minimize the risks associated with personal data breaches and improve the trust of customers and partners towards their work with personal data.
Services in the field of personal data protection and data security
GDPR security documentation
Preparation of a new, tailor-made, basic Controller's Security Documentation, updated according to the current legislation, available decision-making and interpretation practice of the authority (internal regulations intended for the protection of personal data)
GDPR Data Protection Officer
With our own professional team and we will provide you with all-inclusive service of a data protection officer who is fully qualified to perform such role under the conditions laid down in Article 37 of GDPR. Under the Regulation, controllers are required to mandate a data protection officer. However, controllers who do not meet such conditions may decide to designate a data protection officer.
Data protection impact assessment
Processing of data protection impact assessment (DPIA) documentation pursuant to Art. 35 of the GDPR regulation, which is special documentation that the operator is obliged to process only if the legal prerequisites are met (e.g. large-scale processing of special categories of personal data, systematic monitoring of public spaces on a large scale, processing of biometric data and others).
GAP analysis – GDPR
Analysis of the processes in the processing of personal data at the customer processing personal data (mapping of purposes, processing of personal data, legal bases, security management, information security, physical security and object security, intermediary contracts, business conditions, regime measures, personnel and administrative security), which will be carried out on the basis of a personal consultation. The analysis shall include proposals for the security of personal data and proposals for the necessary measures to be taken and implemented by the Customer to bring the processing of personal data in line with the GDPR and the law.
Legal setting of cookies on websites
Setting up a cookies on websites in accordance with the amendment to the Electronic Communications Act and the GDPR regulation. We still encounter incorrect technical settings, settings of banners and information bars or information obligations.
Training in the field of personal data protection
The training is focused on the legitimacy of personal data processing as well as the security of personal data. If interested, we can provide training aimed directly at the given professional group.
Expert advice in the processing of specific processing activities of personal data
The topic of personal data protection does not only concern the GDPR regulation and the Personal Data Protection Act. When setting up individual processes and processing activities, it is also necessary to follow national legislation regulating the specific areas of activity of individual operators (e.g. crowdfunding, provision of installments and loans, etc.).
Information security
Information security is a solution for securing information systems, information and access to data. The information security management system is evolving with respect to the culture, processes, technologies and requirements of your company / organization. ISO / IEC 27000 standards are a recognized standard in this area to help ensure that your information security policy is appropriate.
Cybersecurity
Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act. An operator of an essential service is anyone who meets at least one sector-specific criterion and one impact criterion.
Industrial Security and Classified Information
The subject of the service is the processing of documents pursuant to Act No. 215/2004 Coll. and the relevant decrees of the NSA (National Security Authority), the purpose of which is to ensure the processing of documentation that must be submitted to the National Security Authority in order to obtain an industrial security certificate for the classification level Restricted or Confidential (familiarisation with classified information, hereinafter referred to as the “CI”, storage of the CI in a protected area or together with the documentation for a technical means and the CI processing through a technical means).
We also carry out the security settings of the technical means (e.g. PC) according to the recommendations of the NSU -specified for your company, we will set up your technical means for the needs of certification.