We conduct legal audits of data processing documentation and procedures for compliance with GDPR requirements.
In cooperation with clients, we identify categories of data processed by clients, as well as the scope and aim of processing of data, in order to assess whether processing is conducted within legally permissible bounds. We also propose remedial measures when necessary.
During audits for verification of the compliance of clients’ operations with the GDPR, we cooperate with external firms specialising in cybersecurity and protection of digital data. This enables us to identify and minimise risks associated with breaches of data security.
In our practice we have represented clients in proceedings before the Polish data protection authority for registration of filing systems and data protection officers, and also during inspections and post-inspection proceedings.
We advise on the grounds under which a data controller can transfer personal data outside the European Economic Area. We assist in drafting binding corporate rules and obtaining approval of binding corporate rules by the supervisory authority.
We conduct training on data protection in compliance with the GDPR, in particular training on GDPR audit and implementation.