Issues related to the collection, processing and protection of personal data had been a part of our expertise long before the entry into force of the GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

We have been engaged in broad spectrum of GDPR cases, and has rendered our advisory services to corporate clients, employing even several hundred people.
The key to providing effective and comprehensive client support, in terms of personal data protection, is in-depth analysis of the data processing procedures and processes binding in each company as well as understanding the customer's needs in this regard. This knowledge not only empowers us with necessary tools to make our clients aware of the obligations, imposed by GDPR on them as data administrators of their employees, clients, contractors, but also helps us to identify potential risks.
As a part of our support in this scope, we prepare documentation that meets all the requirements of applicable legal regulations, including GDPR, tailored to the target economic activity of the Client (including the Privacy Policy, Security Policy, Processing Activity Registers). In addition, we conduct comprehensive staff training, adapted to Client’s type of business. It is crucial to remember that the strength of each security system is determined by its most defective part, which often turns out to be a human being. Therefore, a well-trained employee constitutes the best protection of the client's interests, and we make our best to provide as comprehensive trainings as possible.
We also provide legal assistance in the event of an incident or breach of data protection in our client's organization, and we help to assess the event in terms of the risk of violating the rights and freedoms of natural persons. If necessary, we file a request to the Personal Data Protection Office or prepare notifications of data subjects, as well as represent our clients during these procedures. 

Within this area of expertise, we offer our clients, among others:
  • Audit of compliance with the GDPR, during which we recognize the needs of customers to ensure the best data processing security as possible, by selecting appropriate technical and organizational measures. We first analyze the data processing processes implemented in the client's organization, then evaluate the related documentation and the security measures applied, including IT.
  • Risk analysis consultancy - we inspect whether the technical and organizational measures applied meet their objectives, i.e. whether they adequately protect the rights and freedoms of the data subjects.
  • Comprehensive implementation of the GDPR on site – drawing-up the necessary documentation for the personal data processing and appropriate Security Procedures. One of major rules of GDPR is the principle of accountability, i.e. the implementation of measures (including internal procedures) which assure compliance with GDPR in relation to data processing operations and the preparation of documentation indicating data subjects and supervisory authorities the kind of measures taken to ensure compliance with GDPR. 
  • Training on personal data processing and protection for all branches of industry, however our leading expertise are trainings for medical staff
  • IPDP outsourcing - we offer help in appointing an Inspector of Personal Data Protection (IPDP), at our client’s company, who deals with the protection of personal data matters in a comprehensive manner – draws-up and run necessary documentation, supervises the accuracy of the data collection and processing, conducts control audits, and trains staff.  
  • Acting on behalf of our clients in contacts with the Personal Data Protection Office regarding ongoing inspections.