The personal data protection sector is one of our Law Firm’s leading specialisations, particularly in terms of services provided to entities in the IT and insurance industries.
In the field of personal data processing, we provide advice both to the largest national and international entities, as well as to small businesses or online shops that are just developing their personal data protection policy.
Selected experiences of our Law Firm in this area:
- comprehensive audits and implementation of post-audit recommendations in the field of personal data protection;
- comprehensive counselling on personal data protection issues for both personal data controllers and processors;
- development of internal documentation related to personal data processing, e.g. privacy policy, IT system management instruction, personal data processing entrustment agreements, personal data controlling agreements, personal data processing activity register, personal data subjects’ rights handling procedure;
- assessment of activities of controllers and processors in terms of compliance with data protection legislation to ensure data protection ‘by design’ and ‘by default’;
- assessment of insurance distribution models for compliance with data protection legislation;
- comprehensive legal support for projects involving the transfer of personal data to third countries, particularly in connection with cloud computing solutions;
- drafting solutions concerning mailing and other forms of using personal data for marketing purposes including but not limited to in accordance with the provisions of the Act on Providing Services by Electronic Means, the Telecommunications Law, the Act on Insurance and Reinsurance Activity or the Act on Insurance Distribution;
- representing clients in the course of inspections and in proceedings before the President of the Office for Personal Data Protection;
- examining the compliance of business activities with the requirements of GDPR and other EU or Member State data protection legislation;
- drawing up legal opinions in the area of personal data protection;
- preparing analyses of data processing in connection with IT services;
- developing and conducting tailored training courses on personal data protection;
- exercise of the function of DPO on behalf of the data controller or processor.
THE ‘DATA PROTECTION OFFICER’ SERVICE
- informing and advising the controller/processor and staff who process personal data about their obligations under GDPR and other data protection legislation;
- monitoring compliance with GDPR, other data protection laws and the controller’s policies on personal data protection, including division of responsibilities, awareness-raising activities, training of personnel involved in processing operations and related audits;
- making recommendations on the data protection impact assessment upon request and monitoring its implementation in accordance with Article 35 of GDPR;
- cooperating with the supervision authority;
- exercising the function of a contact point for the supervision authority on issues related to personal data processing, including prior consultation as referred to in Article 36 of GDPR, and consulting on any other issues where applicable;
- appointing a person responsible for carrying out the tasks of the DPO.
