GDPR and DPO
We will prepare your company for GDPR and not burden you with unnecessary bureaucracy. We will define the biggest risks and propose measures including the impact on investments, labor and severity.
How to set up GDPR that works?
We help organizations set up GDPR so that it is not only in line with the legislation, but also functional in practice. We focus on analyzing the current situation, identifying risks and proposing specific measures. We guide clients through the initial assessment through to implementation and training.
We will perform a complete GDPR analysis in your organization!
We will guide you through the personal data protection process according to the GDPR in 6 steps, in a way that places as little burden on your company's normal operations as possible.
1. Project initialization
We start with an initial meeting with the customer, during which we establish the goals, strategy, and organizational design of the project.
4. Joint risk assessment
Based on an analysis of the current situation, we will compile a list of risks and identify the key ones with regard to GDPR.
2. Agenda mapping
We also analyze where personal data is located in the company. This includes employee data, customer data, etc.
5. Identification of measures
We define activities leading to the elimination of the company's greatest risks to ensure compliance with the GDPR regulation.
3. Analysis of the current situation
We will review current technical and organizational measures aimed at data protection and identify the flow of personal data in the organization.
6. Recommendations for further action
We will summarize previous activities, steps, suggestions and solutions and agree on the next steps.
One-day audit
We offer you a 1-day readiness audit. In one day, we will map out your current status and give you recommendations for individual areas.
We focus on the basic GDPR areas of personal data protection:
Fulfillment of the obligations of the personal data controller
Compliance with the basic principles of GDPR
Fulfillment of data subjects' rights
Introducing intentional protection
Organizational and technical measures
Staff
Data Protection Officer / DPO (DPO responsibilities)
The output is a detailed report on the current status and a proposal for recommendations for non-compliant areas. The report is prepared in a clear graphic form for each area. You will receive it within 24 hours of the audit completion. Each area is also supplemented with a proposal for measures that must be implemented to ensure compliance.
Practical training
We will introduce you to the basics of GDPR:
We are not just theorists - after the theory part, we will start working with you on a GDPR solution specifically for your company, including adding experience directly from your field.
Who is the training intended for?
It is suitable for anyone who wants to deal with GDPR on their own and is looking for the right navigation.
What will you learn?
-
GDPR introduction
-
explanation and use of the GDPR template for agenda recording
-
overview of risks from a regulatory perspective
-
risk identification
-
draft measure
What will you take away?
-
Agendas – template for areas of personal data processing
-
Risk identification template
-
Each participant will receive a certificate of completion of the training
We also provide you with a 1-hour consultation to support you in implementing GDPR in your company.
Data Protection Officer (= DPO)
The DPO (Data Protection Officer) is a position created by the GDPR. The DPO can be internal or external and the DPO's job is to ensure that the company handles personal data in accordance with the obligations arising from the GDPR. The DPO is mandatory for some organizations.
Support and advice
We will take care of GDPR in your company or arrange a data protection officer (DPO) for you, so you can continue to focus on what you do best.
We offer a range of support and consultancy services. You can create your own "package" of services tailored to your company's specific needs. The services we offer are:
Email requests / consultations (number of these consultations according to agreement).
Regular monthly newsletters about changes.
Regular updates of purchased templates and GDPR documents.
Recommendations regarding personal data protection (advice, information).
Basic security incident settings and reporting form including workflow.
Setting rules for reporting data leaks.
Consultation on corrective, organizational and technical measures.
Setting up the citizen/customer (data subject) response process.
Agenda revision – once a year.
AFEL PRO methodology for risk assessment.
Assistance in selecting new IT systems.
GDPR control audit – once a year.
Support from your DPO (if relevant).
Basic GDPR training.
Training for DPOs – once a year.
Information using the GDPR mobile app.
Communication with the Supervisory Authority.
Preparation of training material templates.
Templates for OOP guidelines and contract amendments.
Receiving requests or complaints from citizens/customers (Data Subjects).
Grouping corrective actions into logical units.
Access to the sectoral catalogue of risks and measures.
Disclosure of contact details of a specific person, the Commissioner for your company.