GDPR Personal Data Protection
Topics related to the protection of personal data is one of the main areas of our Law Firm's activities.
Our offer, addressed to financial institutions, is distinguished by the knowledge of our clients' expectations and the specifics of the market in which they operate.
We believe that experience in cooperation with the financial industry (loan and payment services) allows us to provide legal services in the field of privacy and data protection at the highest level, while maintaining competitive rules of services rendered.
We are happy to use innovative solutions and, in our legal services, we use modern tools to keep records of processing activities and assess the risk of personal data processing.
We carry out audits to assess the degree of compliance of a client's activities with the provisions of the GDPR, in particular in the field of privacy by design and privacy by default, as well as other requirements arising from the GDPR
We conduct audits of personal data flow in complex structures of subcontractors, including capital groups, and advise on the adoption of appropriate solutions in the controller / co-controller / processor relationship
We adjust our clients' activities to the requirements of the GDPR and the so-called sectoral provisions, in particular those applicable to payment and loan institutions
As part of the implementation activities, we provide support in ensuring compliance with the provisions of the GDPR, in particular:
- We develop procedures for selecting contractors who have access to data (processors) and their periodic verification
- We define the rules for granting authorization to process personal data and supervise the authorization process
- We define the principles and legal grounds for obtaining and processing personal data
- We develop response patterns for clients regarding issues related to the processing of personal data, consistent with the purposes and categories of personal data processed
- We develop provisions for the personal data processing agreements and adequate security measures for personal data required from our clients' business partners
- We prepare and update the data processing activities register and the processing categories register
- We develop data security policies
- We develop procedures for reporting personal data breaches
- We develop data protection impact assessment (DPIA) procedures
- We carry out impact assessments for the protection of personal data
- We develop and implement a program to check the adequacy of implementation activities
- We develop privacy and cookie policies
We advise on legal transfers of personal data to third countries (including the United States)
We represent clients in proceedings before the Personal Data Protection Office in matters of complaints and control proceedings
We advise in the event of an incident of a personal data security breach, we determine appropriate remedies, we take care of collecting adequate documentation related to reporting a data breach and we prepare the content of the notification to the Personal Data Protection Office
We organize and conduct dedicated training in the field of personal data protection and information security to the extent adequate for the needs of the management staff of a financial institution, customer service departments, verification and recovery departments
We act as a data protection officer in enterprises of the financial sector (payment institutions, loan institutions, consumer credit brokers, insurance agents)
We organize and conduct dedicated training in the field of personal data protection and information security to the extent adequate for the needs of the management staff of a financial institution, customer service departments, verification and recovery departments
We act as a data protection officer in enterprises of the financial sector (payment institutions, loan institutions, consumer credit brokers, insurance agents)