Personal data

TOPICS RELATED TO THE PROTECTION OF PERSONAL DATA IS ONE OF THE MAIN AREAS OF OUR LAW FIRM'S ACTIVITIES.

We carry out audits to assess the degree of compliance of a client's activities with the provisions of the GDPR, in particular in the field of privacy by design and privacy by default, as well as other requirements arising from the GDPR

We adjust our clients' activities to the requirements of the GDPR and the so-called sectoral regulations, in particular regulations applicable to payment institutions, loan institutions, institutions operating in the insurance sector. As part of implementation activities, we provide support in ensuring compliance with the provisions of the GDPR, in particular:

• We develop procedures for the selection of contractors having access to data  (processors) and their periodic verification
• We define the rules for granting authorization to process personal data and supervise the authorization process
• We define the principles and legal grounds for obtaining and processing personal data
• We develop response patterns for clients regarding issues related to the processing of personal data, consistent with the purposes and categories of personal data processed
• We develop provisions for the personal data processing agreements and adequate security measures for personal data required from our clients' business partners
• We prepare and update the data processing activities register and the processing categories register
• We develop data security policies
• We develop procedures for reporting personal data breaches
• We develop data protection impact assessment (DPIA) procedures
• We carry out impact assessments for the protection of personal data
• We develop and implement a program to check the adequacy of implementation activities
• We develop privacy and cookie policies

We represent clients in proceedings before the Personal Data Protection Office in matters of complaints and control proceedings

We advise in the event of an incident of a personal data security breach, we determine appropriate remedies, we take care of collecting adequate documentation related to reporting a data breach  and we prepare the content of the notification to the Personal Data Protection Office  

We organize and conduct dedicated trainings in the field of personal data protection and information security

We act as a data protection officer in enterprises of the financial sector (payment institutions, loan institutions, consumer credit brokers, insurance agents)