Personal data protection
Provisions concerning personal data protection affect the business activities of all entrepreneurs. Personal data are collected not only from employees but also from clients and business partners. Their protection is of particular importance in activities related to recruitment, sales and various aspects of marketing. This does not mean, however, that the GDPR can be ignored by production, transport, power or IT companies (read more in our article).
The Law Firm has a dedicated team of specialists handling issues related to personal data protection. During our work with Clients, it often turns out that the simple drafting of documents or carrying out of an audit is not enough. It is also necessary to actively react to changes in legal provisions to ensure continuous compliance with the GDPR. It is the only way to avoid fines and responsibility for running a business in a non-compliant manner.
Areas of practice
We analyse business areas specified by the Client in terms of their compliance with requirements of both the GDPR and national personal data protection provisions. We verify the legitimacy of personal data collection, functional correctness of systems for their processing, and completeness of both procedures and documentation. On behalf of data controllers, we carry out audits at data processors and check whether they meet their obligations regarding adequate data protection. We produce recommendations regarding the handling of any identified non-compliances and define best practices for avoiding risks resulting from actions taken by business operators.
The compliance of the business run by the Client with the provisions regarding personal data protection cannot be ensured without carrying out an obligatory risk analysis. We support Clients by identifying data protection risks and sources of irregularities and by determining the likelihood of such risks occurring. We also recommend risk elimination or mitigation measures. Our specialists indicate processes for which the so-called Data Protection Impact Assessment (DPIA) should be carried out.
We draft necessary documentation and procedures tailored to the Client’s needs and specific businesses (including operations of individual departments). We develop personal data protection policies, privacy and cookie policies, personal data processing agreements, registers and any other documentation required to meet requirements under the personal data protection provisions.
We verify functionalities of IT systems, in particular in terms of access rules, modes of data collection and data processing, as well as generation of information about system operation. Our specialists review forms used for data collection in terms of their compliance with the GDPR. We verify rules of data flow between individual systems. Also, we produce recommendations on adjusting system features to the GDPR, along with documentation required in case of any potential inspection.
We act as a PDPO or provide necessary support as an internal advisor to a PDPO appointed by the Client in the performance of such PDPO’s tasks and responsibilities. We carry out periodic audits to verify the compliance of personal data processing with the relevant regulations and offer recommendations to the PDPO or the Management Board.
The Law Firm provides its Clients with assistance during any inspection concerning the correctness of personal data processing. We act as attorneys in control proceedings before the President of the Office for Personal Data Protection. Our specialists support data controllers in conducting inspections concerning the adherence to the data processing agreement or in preparations for such inspection by the data processor. We represent Clients during negotiations and in court proceedings concerning a personal data breach.
We provide comprehensive training sessions on personal data protection and risk analysis. Depending on the Client’s needs, we offer case studies on the documents and procedures implemented at the Client or in selected areas of the Client’s business, during which we discuss irregularities and offer recommendations for changes.