
RODO implementation and privacy protection

RODO IMPLEMENTATION - WHAT MAKES US SPECIAL?

Since the beginning of our activity, we have been helping clients solve their problems related to online privacy issues. This area is both a field of didactic interest and practical experience for our law firm's partners and lawyers. At the beginning of 2018, a book entitled "Data Security and IT in Law Firms" („Bezpieczeństwo Danych i IT w Kancelarii Prawnej”) was published by the C.H. Beck publishing house under the editorship of Law Firm Partner Professor Dariusz Szostek. The book turned out to be a bestseller, and among its co-authors were other lawyers from our law firm: Dr Gabriela Bar, Damian Klimas and Wojciech Lamik. These same lawyers, on a daily basis, share their knowledge and experience as part of project teams preparing our clients for the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - RODO.

Today, issues such as information security, confidentiality and security of personal data are key, and the financial penalties introduced by the RODO for those who are unable to demonstrate proper implementation are severe and can amount to up to €20 million or 4% of a company's annual worldwide turnover.

Personal data is processed every day in a company. There is no room for error or learning during processing. We have put the learning stage behind us. We have been providing data protection services for years. We have followed the work on RODO since the draft stage. The experience related to RODO that our team has gained from completed projects allows us to tailor our data protection solutions to the actual needs and, above all, to the specifics and capabilities of the client. We are aware that the requirements of RODO are implemented differently in a corporation than in a small company.

HOW WE WORK

Step 1 – audit

The implementation of RODO in a company is preceded by a comprehensive audit and risk analysis, the aim of which is to take stock of the current system for the protection of personal data (hereinafter "data"). As part of this step:

  • we build a unified list of data processing cases; 
  • we identify the legal basis and purposes for the processing of data resources; 
  • we analyse the implementation of information obligations when collecting data; 
  • we identify situations of entrusting data processing to other entities;
  • we identify data processing documentation;
  • we identify the technical and organizational data security measures used.

Step 2 – analysis of the legality of data processing

In the next step, we analyse the legality of data processing both on paper and electronically, identify and analyse the gaps in the client's data protection policy to date, and provide relevant recommendations to enable full implementation of RODO without negatively impacting the achievement of individual business objectives. This is where we examine, among other things:

  • the legitimacy, scope and purpose of the data processed, shared, entrusted and transferred;
  • the scope and purpose of data archiving; 
  • the fulfilment of obligations towards data subjects as required by RODO within the individual business processes. 

Step 3 – documentation

The third step, enabling full implementation, is the development of a set of necessary documents, based on the recommendations we proposed earlier. The package prepared by us consists of comprehensive documentation, which includes, among other things, templates for:

  • the content of information obligations (Articles 13 and 14 of the RODO);
  • consent to data processing;
  • personal data processing entrustment agreement;
  • registers of data processing activities.

Training on personal data protection

We support clients in the preparation of personal data protection policies and concepts for the functioning of the Data Protection Officer. As part of our cooperation, clients often also opt for specialized training on the new regulations, in which we impart knowledge to identify potential risks and ensure compliance with RODO. We do not just explain what RODO is. Our training covers, among other things:

  • the implementation of the legal data protection obligations set out in RODO;
  • the implementation of the principles of restriction of processing (data retention) and data minimization;
  • obligations related to data protection breaches (procedures, breach records, notifications);
  • organizational and informational measures relating to the appointment and activities of the Data Protection Officer (DPO); 
  • entrustment of personal data processing; 
  • liability for violations of RODO. 

PLEASE FEEL FREE TO CONTACT US

If you are interested in the subject of the implementation of RODO and its effective application, we share our knowledge on social networks, in the news section of our website and through publications in such dailies as Rzeczpospolita and Dziennik Gazeta Prawna.