GDPR. Personal data protection

Individual entrepreneurs and management boards of companies or public entities have a responsibility to properly implement the provisions of Regulation 2016/679 o of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data, or GDPR for short. It is also important to monitor on an ongoing basis the correct application of the GDPR in the individual areas of your business (recruitment, HR, accounting, marketing, etc.). In this respect, we offer you fully professional support – GDPR outsourcing.

WHAT SERVICES WE OFFER?

As part of our services related to the protection of personal data in the company, we offer the use of an individually tailored set of services or the solutions indicated below:

LEGAL AUDIT OF THE CORRECTNESS OF PERSONAL DATA PROCESSING TOGETHER WITH A SET OF POST-AUDIT GUIDELINES

The audit includes in particular the analysis of:

previously applied procedures of personal data protection in the area of employee recruitment, keeping HR documentation (personal files, HR and payroll systems) and accounting, concluding employment contracts, acquiring contractors’ data, competitions, marketing and e-marketing, sales, business management, transfer of data within capital groups, video monitoring, IT solutions, including those applied on the website;
the provisions of contracts relating to the processing of personal data with external entities, e.g. temporary work agencies, recruitment, security or marketing agencies;
the duties of appointing a Data Protection Officer, keeping a register of data processing activities, introducing personal data protection policies, concluding personal data processing outsourcing agreements;
safeguards applied to personal data in both traditional and electronic form.

The conducted audit indicates the issues that require improvement, together with a set of recommendations to ensure the correctness of personal data processing. Depending on the results of the conducted analyses, the BSO Law & Taxes Office prepares the legally required:

registers;
clauses with information on processing provided to the persons whose data are processed;
consent clauses for the processing of personal data;
authorisations for employees to process data;
internal personal data protection policies with procedures for reporting data protection violations and handling requests from data subjects;
data processing entrustment agreements;
specific documentation resulting from the specificity of the entrepreneur’s activity.

The discussion of the principles of personal data protection resulting from the law, the results of the audit and the prepared procedures and documentation takes place during a dedicated training course.

OUTSOURCING OF THE PERSONAL DATA PROTECTION INSPECTOR (IOD)

BSO Law & Taxes offers the service of outsourcing a Data Protection Officer (DPO) by a person who meets the relevant requirements. As an external data protection expert, the DPO will provide guidance and oversee the undertaking of activities in your company in accordance with data protection legislation. The tasks of the DPO will include:

monitoring compliance with data protection legislation;
informing employees of their obligations under the RODO;
providing recommendations on data protection impact assessments upon request;
conducting internal training, updates and audits;
liaising and contacting the supervisory authority.

GDPR TRAININGS

Data protection training courses are fully tailored to the specific business. They are conducted by a BSO Law & Taxes lawyer who specialises in GDPR regulations and has practical experience.

We dedicate them to the employees of the various departments of the company and to the management. The most frequently chosen training topics are: GDPR in recruitment, adapting the workplace to data protection regulations, data protection in marketing and e-marketing, cooperation in accounting with an external partner in accordance with GDPR requirements.

WHY SHOULD YOU WORK WITH US?

We have carried out more than a dozen RODO audits, implementations and updates in companies operating in Wrocław, Lower Silesia and neighbouring provinces. Our extensive experience guarantees the correct implementation of personal data protection rules in your company after the audit. Furthermore, in the case of ongoing cooperation, we ensure that the documentation is updated and the RODO policy is adapted to the changing scope of the company’s activities or new legal regulations.