Preparation of a new, tailor-made, basic Controller's Security Documentation, updated according to the current legislation, available decision-making and interpretation practice of the authority (internal regulations intended for the protection of personal data), containing the following:
- Security policy pursuant to the Regulation, Act, Decree of the National Security Authority No. 336/2004 Coll. on Physical Security and Object Security, as amended, (elaboration of a security strategy in individual areas of security;
- physical and object security;
- security of information systems in the field of IT;
- personal security with a focus on the protection of personal data);
- technical and organisational measures (guideline and procedures for the processing of personal data by authorised persons);
- processing of the scope and permitted activities in the processing of personal (sensitive) data (without processing specific access rights for job positions);
- security analysis of risks in the processing of the protection of personal data pursuant to Article 25 and Article 32(2) of the Regulation, according to the standard STN ISO/IEC 27002 – information technology, list of personal data pursuant to Article13 of the Regulation;
- records of processing operations, if this obligation to the customer arises from the results of basic process analysis;
- security incident investigation documentation;
- emergency plan;
- templates of the registration of persons processing personal data for the controller (designation and instruction of persons processing personal data at the controller, so-called authorised persons);
- preparation of a tailor-made information obligation for data subjects, according to the individual purposes of the processing of personal data identified by the customer during the basic process analysis;
- processing of tailor-made intermediation contract pursuant to Article 28 of the Regulation for third parties, identified within the basic analysis, who process personal data on behalf of the customer;
- development of model forms necessary to comply with the GDPR and the law (model consents to the processing of personal data, guidance, advice and recommendations within websites, etc.);
- provision of information and explanations for the implementation of set processes and for the application of procedures within the real functioning of the customer, consultation on recommended measures as necessary.