We advise on preparation of the required GDPR documentation:
- we prepare and update internal documentation for personal data processing, including, without limitation:
- the data security and protection policy consistent with the GDPR guidelines,
- the IT system management manual,
- the data subject request policy,
- risk assessment – in cooperation with your team,
- other implementation-related documentation, the scope of which will depend on the outcome of the audit (e.g. breach notification policy, consent clauses, template authorisations, record of processing activities).
- we present solutions for secure and legal transfer of personal data abroad (also to third countries which do not provide adequate data protection level), and for implementation of the Binding Corporate Rules and Standard Contractual Clauses,
- we negotiate, prepare and evaluate contracts and contractual clauses related to personal data processing,
- we prepare data protection impact assessments for specific data processing operations (DPIA),
- we prepare privacy policies for website service users, as well as notifications, information, draft consents and data processing statements.