Every day, our company's employees provide our clients with legal security in the scope of GDPR. The service is provided by people with experience in information security based on the international ISO 27001 standard. Our experts have developed and implemented several hundred security policies in various companies and industries.
More than 11 years in the legal and business consulting market have given us extensive experience, which we share with our clients.
We understand the business and its needs so that we can help solve many legal problems.
For over 8 years we have been dealing with the protection of personal data, advising companies on how to meet formal requirements and how to secure the company's operations in this area.
The key to success is choosing solutions that do not interfere with running a business and that even help build the company's image, both internally and externally.
Since the GDPR first entered into force, we have been helping entrepreneurs meet the requirements set by the new regulations.
Based on our experience, we created a tool for managing GDPR in the company.
Implementing the GDPR is crucial for protecting the company's legal and business security. Inadequate preparation may lead to financial penalties and formal problems but, more importantly, to damage to the company's image in the eyes of clients. It is equally important to implement it so that the specific rules actually function and at the same time do not interfere with running the company.
Step 1. Identification
The starting point is to identify all sources from which personal data is acquired, the ways in which personal data is processed, the IT systems that are used, and the third-party companies that have access to the data. It is also important to identify the processes and processing activities that operate within the company, and the company's employees, along with an indication of their entitlements to the appropriate processing operations.
Step 2. Risk analysis
The purpose of risk analysis is to identify internal and external threats that may affect the security of personal data. Risks may arise from physical security, software, and the processes and procedures in operation, as well as from third-party companies with which the company cooperates. The risk analysis is based on the ISO 27005 standard, and its result is a list of recommended changes that should be made to ensure that personal data is properly secured.
Step 3. Implementation
Preparing procedures and describing the rules for processing personal data is an important element of implementation. It builds awareness in the organization and clearly defines how personal data is handled. Another important element of the implementation is certified employee training along with verification of their knowledge. This fulfills the legal obligation and raises awareness among those responsible for the processing of personal data. A further element is the proper fulfillment of information obligations towards natural persons whose data is processed, as well as formal regulation of cooperation with third-party companies that have access to personal data, by means of entrustment contracts. In certain cases, it will be necessary to carry out an impact assessment of the processing of personal data in accordance with the supervisory authority's recommendations.
Step 4. Maintenance
Changes in the law, recommendations issued by the supervisory authority, and codes of good practice require continuous monitoring and verification of the principles adopted for processing personal data in the company. Another aspect is changes inside the company that may affect the adopted rules. These circumstances require continuous work and verification of whether the company operates in accordance with the requirements of the GDPR. Another area requiring continuous involvement is the registration and analysis of personal data security incidents and, in some cases, the need to report them to the office. Responding appropriately to reports from people whose personal data is processed is also an important element of the activities that the data controller must constantly control.
In the event of an audit, you can be sure that the implemented personal data security system works correctly and that you are able to prove it. There can be many reasons for a check, e.g. reported violations, an individual's complaint, or a routine check by the supervisory authority.
Over 5,000 entrepreneurs have trusted us. We support them in day-to-day legal challenges, ensuring security.
GDP System is a brand of the company Rzetelna Grupa Sp. z o.o. with headquarters in Warsaw. We support entrepreneurs in the area of legal services, including in the scope of GDP.