Information security

Preparation of a new, tailor-made, basic Controller's Security Documentation, updated according to the current legislation, available decision-making and interpretation practice of the authority (internal regulations intended for the protection of personal data)

With our own professional team and we will provide you with all-inclusive service of a data protection officer who is fully qualified to perform such role under the conditions laid down in Article 37 of GDPR. Under the Regulation, controllers are required to mandate a data protection officer. However, controllers who do not meet such conditions may decide to designate a data protection officer.

Processing of data protection impact assessment (DPIA) documentation pursuant to Art. 35 of the GDPR regulation, which is special documentation that the operator is obliged to process only if the legal prerequisites are met (e.g. large-scale processing of special categories of personal data, systematic monitoring of public spaces on a large scale, processing of biometric data and others).

Analysis of the processes in the processing of personal data at the customer processing personal data (mapping of purposes, processing of personal data, legal bases, security management, information security, physical security and object security, intermediary contracts, business conditions, regime measures, personnel and administrative security), which will be carried out on the basis of a personal consultation. The analysis shall include proposals for the security of personal data and proposals for the necessary measures to be taken and implemented by the Customer to bring the processing of personal data in line with the GDPR and the law. 

Setting up a cookies on websites in accordance with the amendment to the Electronic Communications Act and the GDPR regulation. We still encounter incorrect technical settings, settings of banners and information bars or information obligations. 

The training is focused on the legitimacy of personal data processing as well as the security of personal data. If interested, we can provide training aimed directly at the given professional group.

The topic of personal data protection does not only concern the GDPR regulation and the Personal Data Protection Act. When setting up individual processes and processing activities, it is also necessary to follow national legislation regulating the specific areas of activity of individual operators (e.g. crowdfunding, provision of installments and loans, etc.).

Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act. An operator of an essential service is anyone who meets at least one sector-specific criterion and one impact criterion.

The subject of the service is the processing of documents pursuant to Act No. 215/2004 Coll. and the relevant decrees of the NSA (National Security Authority), the purpose of which is to ensure the processing of documentation that must be submitted to the National Security Authority in order to obtain an industrial security certificate for the classification level Restricted or Confidential (familiarisation with classified information, hereinafter referred to as the “CI”, storage of the CI in a protected area or together with the documentation for a technical means and the CI processing through a technical means).

We also carry out the security settings of the technical means (e.g. PC) according to the recommendations of the NSU -specified for your company, we will set up your technical means for the needs of certification.