Our scope of work
We advise our clients at team level, always suggesting specific solutions.
Far from merely duplicating standard solutions, we provide tailored services considering industry-specific pitfalls and risks.
We help to verify whether GDPR applies to your business and, if it does, we help you to achieve compliance. Depending on your needs and situation, we focus on specific services you provide, on your locations / subsidiaries, or on your entire business.
What we do:
– check to what extent you need to implement GDPR in your business (this may include an audit);
– design simple GDPR solutions tailored to your business;
– help to implement all necessary procedures and changes in your operations (if needed);
– explain how to document compliance in order to be ready for any external audits.
To help you understand what personal data you process and whether you do it correctly, we carry out comprehensive audits. This includes meeting with your staff, asking a dozen questions and getting a really good understanding of your business needs. Do not be afraid – we focus on doing it in a way that does not require too much effort on your side, and we have a risk-based approach. In the end you will receive a report (Excel sheet), where we show you all the gaps and suggest solutions that fit your business.
We may help you check, in particular, whether:
– GDPR solutions in your company are up-to-date with current GDPR requirements;
– procedures and documents related to GDPR in your company are adequate to the actual personal data processing;
– your employees are aware of how to behave when encountering personal data at work;
– any GDPR measures implemented in your company can be simplified or adjusted to the way you carry out your business.
Coordinating the implementation of GDPR within a capital group (also globally) or as a part of a project collaboration between individual departments in your company.
We will advise how to:
– harmonise the execution of GDPR compliance regarding all entities in a group;
– synchronise GDPR solutions between all departments in your company;
– adjust appropriate GDPR measures between your company and your clients, contractors and business partners;
– optimise GDPR-compliant personal data transfers between your company and your clients, contractors and business partners.
Negotiations with clients, contractors and business partners (for example data processing agreements).
With us you can easily:
– establish a fair and secure template entrusting agreement that fits the characteristics of your company;
– settle the terms of your everyday cooperation involving personal data with any other company;
– define the rules you play by during any dispute;
– resolve a dispute in a way that is satisfactory for both sides.
Some processing activities you may want to conduct require extra safeguards. For these, we help you conduct a Data Protection Impact Assessment (DPIA).
Harness the ability to:
– assess and manage risks related to personal data processing;
– design security measures for personal data protection based on the risk related to every process;
– strengthen personal data protection in current activities;
– ensure safe and legal personal data processing within your company and the whole capital group of companies.
Preparation of any necessary documentation both within the corporation and in external relations. Be prepared to demonstrate the safety and legality of personal data processing within your company by establishing your own internal documents, tailored to your business:
– authorisations to process personal data;
– privacy policies;
– templates of entrusting agreements;
– template contract clauses concerning processing of personal data;
– procedures for employees and business partners on how to act while processing personal data;
– instructions for employees and business partners concerning data protection infringements;
– guides for employees and business partners on how to answer individuals’ requests concerning their personal data.
Effective application of safety measures while processing personal data may require some changes in the behaviour of your employees – often as minor as logging out of a computer system or programme when leaving their desk. The language and rules set out in GDPR may, however, sometimes seem complicated or difficult to understand. Let us help your employees grasp the idea of personal data protection in everyday work duties.
Our offer covers the following (and more):
– remote training;
– preparation of training materials;
– designing and carrying out e-learning;
– drafting simple rules for your employees’ work routine;
– translating the complicated legal requirements of GDPR into the plain language of respect for individuals’ personal data.
Need a Data Protection Officer (DPO)? GDPR requires you to appoint a DPO in some circumstances. You may also wish to appoint one voluntarily – to help you manage personal data protection in your company.
The scope of our services includes the following (and others):
– verification of whether a DPO is obligatory in your company;
– performance of DPO’s duties in your company;
– support for your DPO in their everyday duties;
– audits of your DPO (e.g. when an external entity is acting as DPO in your company).
Handling queries of people whose data is processed in the enterprise. Answering individuals’ requests concerning their personal data may be more complicated than one might expect.
To ensure a professional and effective approach to exercising individuals’ rights concerning their personal data, we will help you:
– identify whether the request comes from the right person – the one who can actually file such a request;
– clarify both the content of the request and the intent behind it, to ensure an adequate response;
– manage terms and dates related to answering such requests;
– train your employees to adequately answer such requests.