Personal data protection

GDPR support & services

You want to implement your personal data protection management system in your company
You want to be sure that you are always up to date

About us

We provide entrepreneurs with legal security

Every day, our company's employees provide our clients with legal security in the scope of GDPR. The service is provided by people with experience in information security based on the international ISO 27001 standard. Our experts have developed and implemented several hundred security policies in various companies and industries.

Our services

What we do

Analysis

The factual analysis is crucial in demonstrating due diligence in implementing the GDPR

  • Risk analysis
  • Impact assessment
  • Analysis of IT requirements
  • Analysis of software requirements

Registers

Keeping different types of registers will ensure your company's accountability and the ability to manage the GDPR in the company

  • Register of processing places
  • Register of data sets
  • Record of Processing Activities
  • Registry of IT systems

Documentation

The processes and procedures related to the processing of personal data should be clearly defined and employees should be familiarized with them

  • Personal Data Security Policy
  • Entrustment contracts
  • Confidentiality agreements
  • Authorization for processing

Service

Ongoing handling of GDPR-related events is crucial to your company's security in light of the requirements set by the GDPR

  • Management of security incidents
  • Management of requests from individuals
  • Employee training in the scope of the GDPR

Work process

Step by step

The implementation of the GDPR is crucial for the protection of the company in terms of legal and business security. In the event of inadequate preparation you may face financial penalties, formal problems and, more importantly, damage to the company's image in the eyes of clients. It is also important that the implementation is carried out so that specific rules actually function and at the same time do not interfere with running the company.

Step 1. Identification

The basic issue is the identification of all sources of personal data acquisition, the identification of the processing of personal data, IT systems that are used and the identification of third-party companies that have access to data. An important issue is also the identification of processes and processing activities that operate within the company and employees of the company along with an indication of entitlements to appropriate processing operations.

Step 2. Risk analysis

The purpose of risk analysis is to identify internal and external threats that may affect the security of personal data. Risks may arise from physical security, software, processes and procedures that operate, as well as in the scope of third-party companies with which the company cooperates. The basis of risk analysis is the ISO 27005 standard, and the result is a list of recommendations regarding changes that should be made to ensure that personal data is properly secured.

Step 3. Implementation

Preparation of procedures and description of personal data processing rules is an important element of implementation. It builds awareness in the organization and clearly defines the handling of personal data. An important element of the implementation is also certified employee training along with the verification of their knowledge. This is to fulfill the legal obligation and raise awareness among those responsible for the processing of personal data. Another element is proper fulfillment of information obligations towards natural persons whose data is processed, as well as formal regulation, through entrustment contracts, of cooperation with third-party companies that have access to personal data. In certain cases, it will be necessary to carry out an impact assessment of the processing of personal data according to the supervisory authority's recommendations.

Step 4. Maintenance

Updates in connection with changes in the law, recommendations issued by the supervisory authority and codes of good practice require continuous monitoring and verification of the accepted principles of processing personal data in the company. Another aspect is changes that occur inside the company that may affect the adopted rules. The above circumstances force continuous work and verification of whether the company operates in accordance with the requirements of the GDPR. Another area requiring continuous involvement is the registration and analysis of personal data security incidents, and in some cases the need to report them to the office. Appropriate response to requests from people whose personal data is processed is also an important element of the activities that the data controller must constantly control.

In the event of an audit, you can be sure that the implemented personal data security system works correctly and that you are able to prove it. Checks can have many causes, for example reported violations, an individual's complaint or a routine check by the supervisory authority.

Our clients

Who works with us

Over 5,000 entrepreneurs trusted us. We support them in day-to-day legal challenges ensuring security.

About Us

GDP System is a brand of the company Rzetelna Grupa Sp. z o.o. with headquarters in Warsaw. We support entrepreneurs in the area of legal services, including in the scope of the GDPR.

Our Contacts

61 al. Jana Pawła II, Suite 212,
01-031 Warsaw, Poland

(+48) 22 390 91 05