We can assist in all stages of compliance that your business needs.
A comprehensive compliance program includes the following stages:
- Mapping of personal data and the data processing activities.
- Preparation of a record of data processing activities (article 30 of the GDPR).
- Assessment of the level of security of IT systems (IT Audit).
- Assessment of the adequacy of the technical and organizational measures taken in the organization to protect business data / systems in general and personal data in particular.
- Design and implementation of a Roadmap: In this context, we (a) review your organization's current personal data processing, (b) review your organization's contractual texts with those who process personal data on your behalf (data processors), and (c) compile the necessary submission forms (consent and information notice for employees / customers / suppliers / website users etc.).
- Drafting policies and procedures for handling personal data for your business.
- Preparation of internal instructions and manuals.
- Staff training.
Data Protection Impact Assessment (DPIA). According to Article 35 of the GDPR, where the processing is based on a new technology or may pose a great risk to the rights of the subject (e.g. processing of specific categories of data on a large scale), a data protection impact assessment must be performed.
We will help you assess the risks that the processing of personal data poses to the rights of the associated data subjects and will suggest measures to address these risks, so that any processing of personal data performed by your company is in accordance with the principle of proportionality.