There are many aspects to implementing the GDPR in an organisation. In our approach, we apply a comprehensive measure, including an analysis of the organisation’s needs (‘opening report’), staff training, support in risk analysis or the development of bespoke documentation.
While ensuring compliance with data protection legislation is by no means limited to documentation, it is one of the keys to success. The documentation primarily governs instructions and procedures for the staff and technical and organisational measures to protect personal data.
Our team has extensive experience in drafting documentation relating to the processing of personal data for both small business entities and complex capital groups, particularly in the financial services sector. The documents we create are clear, understandable and easy to apply. We develop the documentation on the basis of a previously conducted audit and fully adapt it to the client’s needs. As a result, the procedures and policies we create reflect the processes taking place within the organisation. Documentation is prepared in Polish and – on request – in English.
Developing the documentation, we offer the work on, adapt or updat documents such as:
- personal data protection policy
- register of processing operations and register of categories of processing operations
- personal data retention policy
- procedure for notifying violations to the supervisory authority together with the register of violations
- authorisation to process personal data together with a register of authorisations
- policy for risk assessment and assessment of the effects of processing
- procedures for the exercise of data subjects’ rights
- information clauses
- model contract for the outsourcing of personal data processing
- privacy and cookies policies.