GDPR security documentation

Preparation of new, tailor-made basic security documentation for the controller, updated to reflect current legislation and the available decision-making and interpretive practice of the supervisory authority (internal regulations intended for the protection of personal data), containing the following:

  • Security policy pursuant to the Regulation, the Act and Decree of the National Security Authority No. 336/2004 Coll. on Physical Security and Object Security, as amended (elaboration of a security strategy in the individual areas of security: physical and object security; security of information systems in the field of IT; personnel security with a focus on the protection of personal data);
  • technical and organisational measures (guideline and procedures for the processing of personal data by authorised persons);
  • definition of the scope of permitted activities in the processing of personal data, including sensitive data (without defining specific access rights for individual job positions);
  • security risk analysis for the processing of personal data pursuant to Article 25 and Article 32(2) of the Regulation, carried out according to the standard STN ISO/IEC 27002 (information technology), and a list of personal data pursuant to Article 13 of the Regulation;
  • records of processing activities, if this obligation of the customer arises from the results of the basic process analysis;
  • security incident investigation documentation;
  • emergency plan;
  • templates for the registration of persons processing personal data on behalf of the controller (designation and instruction of persons processing personal data at the controller, so-called authorised persons);
  • preparation of a tailor-made privacy notice (information obligation) for data subjects, according to the individual purposes of personal data processing identified by the customer during the basic process analysis;
  • preparation of a tailor-made processor agreement pursuant to Article 28 of the Regulation for third parties, identified within the basic analysis, who process personal data on behalf of the customer;
  • development of model forms necessary to comply with the GDPR and the Act (model consents to the processing of personal data; guidance, advice and recommendations for websites, etc.);
  • provision of information and explanations for the implementation of the defined processes and for the application of the procedures in the day-to-day operation of the customer, and consultation on the recommended measures as necessary.
from €500.00
The price is stated without VAT and may be increased depending on the scope of the work performed and the scope of personal data processing.

Initial consultation

Initial consultation lasting 30 minutes - discussing the company's main activities and goals.

Answering questions

Answering basic questions in the area of personal data processing purposes - 30 minutes.

Drafting of a comprehensive security documentation

Preparation of comprehensive security documentation reflecting your needs, including a risk analysis and recommendations of technical and organisational measures for implementing the GDPR and the Act into the processes of the organisation.

The security documentation contains the items listed in the GDPR security documentation section above.

Our goal is to benefit the client

Choosing the right and reliable advisor is always a great help in improving your business. Legal consulting in particular is extremely broad and affects almost all areas of the life of entrepreneurs and individuals, so the choice of a legal advisor is extremely important. At the law office Hronček & Partners, s. r. o. we pay attention to professionalism and high-quality legal services with an individual approach. Our main goal is to provide legal services of the highest quality and to bring innovative and professional solutions to the client so that we become their trusted partner.

More services in the field of data protection and security

GDPR Data Protection Officer

On demand
The price is stated without VAT and may be increased depending on the scope of the work performed and the scope of personal data processing.

With our own professional team, we provide an all-inclusive data protection officer service, performed by a person fully qualified to hold this role under the conditions laid down in Article 37 of the GDPR. Under the Regulation, controllers who meet the conditions of Article 37 (e.g. public authorities, or core activities consisting of large-scale regular and systematic monitoring of data subjects or large-scale processing of special categories of data) are required to designate a data protection officer. Controllers who do not meet these conditions may nevertheless decide to designate a data protection officer voluntarily.

Data protection impact assessment

On demand

Preparation of data protection impact assessment (DPIA) documentation pursuant to Art. 35 of the GDPR. This is special documentation that the controller is obliged to prepare only where the legal prerequisites are met (e.g. large-scale processing of special categories of personal data, systematic monitoring of publicly accessible areas on a large scale, processing of biometric data, and others).

GAP analysis – GDPR

The price is stated without VAT and may be increased depending on the scope of the work performed and the scope of personal data processing.

Analysis of the customer's personal data processing processes (mapping of processing purposes, categories of personal data, legal bases, security management, information security, physical and object security, processor agreements, terms and conditions, regime measures, and personnel and administrative security), carried out on the basis of a personal consultation. The analysis includes proposals for securing personal data and proposals for the measures the customer needs to adopt and implement to bring its processing of personal data in line with the GDPR and the Act.

Legal setting of cookies on websites

The price is shown without VAT.

Setting up cookies on websites in accordance with the amendment to the Electronic Communications Act and the GDPR. We still frequently encounter incorrect technical settings, incorrectly configured cookie banners and information bars, and incomplete information obligations.

Training in the field of personal data protection

On demand
The total price depends on the number of people, the number of trainings and the number of areas/agendas in which your employees need to be trained.

The training is focused on the legitimacy of personal data processing as well as the security of personal data. If interested, we can provide training aimed directly at the given professional group.

Expert advice in the processing of specific processing activities of personal data

On demand
The price depends on the scope of personal data processed in your company and the content and specifications of the project.

Personal data protection does not concern only the GDPR and the Personal Data Protection Act. When setting up individual processes and processing activities, it is also necessary to follow the national legislation regulating the specific area of activity of the particular controller (e.g. crowdfunding, provision of instalment plans and loans, etc.).

Information security

On demand
The price depends on the scope of the work performed.

Information security covers the securing of information systems, of information itself, and of access to data. An information security management system evolves with the culture, processes, technologies and requirements of your company or organisation. The ISO/IEC 27000 family of standards is the recognised reference in this area and helps ensure that your information security policy is appropriate.


On demand

Under Act No. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures and is also obliged to verify the effectiveness of those measures and compliance with the requirements established by the Act. An operator of an essential service is any entity that meets at least one sector-specific criterion and at least one impact criterion.

Industrial Security and Classified Information

On demand
The price depends on the degree of secrecy and the type of access to classified information.

The subject of the service is the preparation of documents pursuant to Act No. 215/2004 Coll. on the Protection of Classified Information and the relevant decrees of the NSA (National Security Authority). Its purpose is to prepare the documentation that must be submitted to the National Security Authority in order to obtain an industrial security certificate for the classification level Restricted or Confidential (familiarisation with classified information, hereinafter referred to as "CI"; storage of CI in a protected area; or, together with the documentation for a technical means, the processing of CI by means of a technical means).

We also configure the security settings of technical means (e.g. PCs) according to the NSA's recommendations, tailored to your company, and prepare your technical means for the needs of certification.
