New legal frame of personal data protection in the European area

Comprehensive preparation for GDPR

The GDPR is a new legal frame of personal data protection in the European economy area. Since 25 May, 2018 it has been determining the rules of personal data processing, including those of the data subjects (individuals). On 25 May, 2018 the GDPR substituted the Act No. 101/2000 /Coll. on personal data protection in the Czech legal setting.

The GDPR relates to all subjects dealing with information on individuals (employers, suppliers, website or e-shop operators and the like). Both private sector (not only big organizations such as banks, insurance houses or hospitals but also small and medium-sized businesses) and public sector have to be ready for GDPR.  

The GDPR introduces a whole number of new rules (e.g.  the right of data portability, the right to be forgotten, the duty to carry out assessment on influence on personal data protection for selected procedures or appoint a data protection officer (DPO). Each personal data processor and controller will have to document the observing thereof through all of the data processing period. The general technological and administration stress in the sphere of personal data protection is going to increase substantially.

The sanctions for breaching some of the duties stipulated  by the GDPR are going to increase considerably as well penalties up to  20,000,000 EUR or 4 % of total turnover per year worldwide (depending on which is higher). All subjects processing personal data should prepare well for GDPR.

The preparation for GDPR should start with an entry audit of the existing personal data processing procedures. After “surveying the ground” thoroughly, there comes the necessary changes proposal (contract and other documentation adjustments, staff training, procedure setting) and follow-up implementation thereof.  

In conclusion we point out that preparation for GDPR is a complex matter. Within the frame of companies and organizations the GDPR covers a whole number of matters, with significant impact – besides “the law” especially in IT, security, management, etc. To get ready for GDPR thus means to revise your systems and procedures in personal data processing in all the spheres affected, and implement the necessary technological solutions.  

We present 4 steps to general implementation

Tailor-made packages of services

We offer your company help with its preparations for the new European regulation on protection of individuals related to data processing and free circulation of such data 

ENTRY AUDIT

Opening consultations, personal data processing procedures analysis; contract and other documents typology analysis; general  GDPR readiness analysis; written summary of the entry GDPR audit including presentation

SECURING COMPLIANCE WITH GDPR

Based on the GDPR entry audit results, a written output will be prepared including proposals of specific changes and measures needed to be accepted and implemented to achieve the compliance with GDPR. The output will be presented to the client and discussed. 

IMPLEMENTATION OF CHANGES

The implementation of suggested changes and measures in the scope agreed by the client (setting internal processes, contract and other document revisions, preparation of new documentation, staff training and the like).

ISSUING OF CERTIFICATE ON GDPR IMPLEMENTATION

Following the implementation of changes to achieve compliance with GDPR, we will issue a certificate for the client, comprising our declaration that we provided legal services to the client related to GDPR implementation as well as our declaration that the client implemented measures required to achieve compliance with GDPR.

ARE YOU INTERESTED IN THE SERVICE?

CONTACT US: +420 212 242 807

GDPR PACKAGE

Complete solution for your company

WE ARE HERE FOR YOU

MO – FRI, 9 a.m. – 6 p.m.

PACKAGE PRICE

from CZK 10,000