The adoption of the Data Protection Regulation (GDPR) has brought a significant change to the matter of documentation. As a general rule, the GDPR does not specify either what documents we are to hold or what their content should be. The preparation of the relevant documentation is left to entrepreneurs, and the content of the documents is to depend on the risk assessment for each data controller. We support our clients in this task.

• We develop complete documentation within the scope of GDPR (e.g., personal data protection policy, registers of processing activities, entrustment agreements, information clauses, templates of authorisations, registers of persons authorised to process personal data, intra-organisational documents, relevant information obligations, instructions for monitoring or reporting violations, for example). GDPR is implemented after an audit of the compliance of personal data processing.
• Our experts verify the documents used by controllers and adapt them to specific facts, taking into account business processes, procedures, regulations and other areas of our clients’ activities where personal data is processed.

We implement data protection processes to ensure that the client’s organisation has reached formal and operational compliance with GDPR. This minimises the risk of a violation of the rights of data subjects, the risk of claims by data subjects, and the imposition of financial penalties by the supervisory authority.