From May 25, 2018, new regulations on the protection of personal data will apply: the Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), commonly known as the GDPR.
The scope of our Law Firm’s GDPR services consists of five basic aspects:
1. GDPR Trainings for managers and employees;
a) Training: How to prepare a company for the audit and implementation of the GDPR?
b) GDPR for Data Protection Officers
c) GDPR for IT
d) GDPR for HR departments
e) GDPR for employees – customer service departments
f) GDPR for doctors (MDs)
g) GDPR for the medical industry
h) GDPR for sales representatives and sales departments
i) GDPR for foundations and associations
2. Legal Compliance Audit and GDPR Compliance Report
The legal GDPR audit is a legal advisory service which includes checking the correctness of existing documentation, procedures and organizational culture with respect to personal data protection. The audit is summarized in a report which indicates the correct practices applied by the audited company.
The report also indicates areas that need improvement, including, among others, the implementation of new internal procedures, renegotiation of agreements with service providers and with the company’s clients, changes in internal documentation, development of a security incident reporting system, employee training or legal assessment of the IT solutions.
3. GDPR Recommendations Report
At the customer’s request, it is possible to prepare a GDPR Recommendations Report for companies and/or NGOs. The report will indicate the actions, policies and practices that are recommended for the particular organization in order to achieve compliance with the GDPR.
This report is preceded by a legal audit of GDPR compliance.
4. GDPR Implementation – legal advisory services
The service includes legal advice on adapting the company’s operations, procedures and documentation to the requirements of the GDPR.
The implementation of the GDPR includes, among others:
– adjusting the company’s internal documentation to the requirements of the GDPR, including:
* developing a policy for the protection of personal data,
* developing a design for the personal data processing register,
* preparing an authorization records template,
* preparing consent forms for the processing of personal data;
– staff trainings – including the management staff, owners of the company, people responsible for the company’s IT security, HR departments, sales, customer service and PR;
– adaptation of the company’s internal procedures regarding personal data protection to the requirements of the GDPR,
– renegotiation of contracts with service providers and with company clients,
– development of a security incident reporting system and
– legal advice in negotiating terms of providing IT services by external entities.
5. Ongoing support in the scope of the GDPR
– Ongoing support for the organization regarding the application of the GDPR, implementation of personal data security procedures, building the organization’s security culture and staff trainings.
– Ongoing legal advice in the field of responding to incidents related to the threat or breach of personal data security.
– Ongoing legal advice in the field of responding to claims and requests of individuals or supervisory authorities (claims management).