News
How does the implementation of personal data protection system in the company take place? | Data protection
General Data Protection Regulation (2016/679) is a prevalent topic among entrepreneurs; however, the day-to-day work of our law firm sheds light on an ever-present confusion – entrepreneurs do not always have a clear road map for fulfilling the mandatory requirements. In addition, very often the reason for disorganized processes is not a light-hearted approach, but a lack of understanding of the extent to which the company interacts with protected data on a daily basis. Situations in which companies have data protection documents that create unfounded peace of mind, despite them being partially or completely not in accordance with the requirements, are quite common, hence, making problematic situations even more painful.
To make sure that the personal data protection system in the company meets the requirements, it is recommended to check the existing documents or develop and implement new documents together with a specialist in the legal field, who has not only experience in these matters but also the necessary tools to help the company orientate in a sufficiently complex field. How does it happen?
Exchange of information
1. We will familiarize ourselves with the documents already existing in your company, including website functions and notices, which may already partially regulate the protection of personal data. We will ask you to send these documents to us;
2. We will prepare questions about processed personal data, their acquisition, use, legal basis for processing, transfer, etc. and we will invite you to provide answers to them;
3. For more in-depth knowledge and clarification of specific nuances, we will interview the responsible persons of your company (usually at least 2 persons x 2 hours), we will ask you to find time for these conversations;
Summary, analysis, conclusions
We will collect and carefully analyze all the information obtained, thus reaching conclusions;
Discussing solutions
We will mutually agree on the action plan, necessary documents regulating the protection of personal data, procedures to be implemented and everything else that is specific to your company so that the personal data protection system meets the requirements of the law;
Development of documents
We will develop the necessary documentation, such as a ready-to-use register of processing activities, privacy policy, privacy notice, cookie policy, etc.;
Consultations and training
For the viability of solutions, we will recommend regular employee training, meanwhile, within the framework of the already described service, we will be open to your questions and advise on the implementation of requirements, application of the newly acquired documentation, etc.
Based on the specifics of the industry represented by the client, as well as the day-to-day nuances of economic activity, the time and costs required for the implementation of the service will be determined. To receive a financial offer, as well as in case of uncertainties, we invite you to contact our specialists.
A slight glance into the list of completed work:
ACHEMOS GRUPĖ / one of the largest group companies in Lithuania / turnover of 800 million euros
> Management of a GDPR audit and compliance assessment for the client group’s companies in Latvia, on the basis of which the necessary documents were developed and procedures for the protection of personal data were implemented.
> Provision of employee training for the implementation of GDPR requirements in day-to-day work.
DATAMED / health care data digitization company in Latvia / turnover of more than 0.5 million euros
> Successful representation of the client in a dispute with the State Data Inspectorate regarding a case that gained wide resonance in the media regarding possible violations of the processing of sensitive personal data.
HEALTH INSPECTORATE
> Development and management of a training program on GDPR requirements for more than 100 employees of the Health Inspectorate.
CONFIDENTIAL CLIENT / pharmaceuticals / revenue over 1 billion euros
> Development of Terms of Use and Privacy Policy for different websites for client’s projects:
- for a website containing information about client’s manufactured drugs and their use;
- for a website intended for providing information about specific diagnosis, treatment, drug advertisements;
- for a website intended for providing information and educating teenagers on issues of sexuality education;
> Reviewing and localization of GDPR documents for the client’s project – involvement of health care professionals in survey conducted by the client;
> Development of data breach policy.
Subscribe to Leadell's Newsletter
