GDPR compliance audit
We offer a range of services in the field of personal data protection, including training intended for business owners, employees and data protection officers concerning the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), as well as the Polish Personal Data Protection Act of 10 May 2018.
We have provided training on the GDPR to numerous recipients, including the members of the Business Centre Club. We offer GDPR training in two formats – general GDPR training and sector training, tailored to the needs of specific clients and the scope of their business activity (e.g. medical law training). Our GDPR training may also be conducted online.
Some of the issues covered by the GDPR training course include:
- the most important changes introduced by the GDPR, including new concepts, such as profiling, the right to be forgotten, etc.;
- the obligations imposed on data controllers;
- the required appointment time, status and tasks of a data protection officer (DPO);
- the recording of processing activities;
- the notification of a personal data breach;
- the information obligation;
- the rules for imposing administrative penalties and their amount;
- the principles governing the processing of personal data, including the data minimisation principle;
- special categories of data;
- the rights of data subjects and related obligations of controllers and processors;
- the processor and personal data processing agreement;
- the tasks and role of the supervisory authority (President of the Polish Personal Data Protection Office).
The main advantages of the GDPR training carried out by the experts from Radkiewicz Lawyers Poland include obtaining reliable, factual and straightforward information on the current legal regulations concerning personal data protection.
The provisions of the GDPR apply to businesses, including commercial law partnerships and companies, regardless of the scope of their activity. Each entity processing personal data as part of its business activity should take all necessary steps to implement appropriate technical and organisational measures in compliance with the provisions of the GDPR. One such organisational measure involves providing relevant personal data protection training to staff members to ensure that they are aware of the rules introduced within the organisation (e.g. the procedure for the notification of personal data breaches). No employees may be expected to comply with data protection regulations if they lack the relevant knowledge or if their knowledge is limited. Our targeted GDPR training will undoubtedly reduce the probability of high fines being imposed on the controller by the supervisory authority. Therefore, if only for this reason, the funds allocated by the data controller to the GDPR training are a profitable investment in human capital.
Among a wide range of services related to personal data protection, Radkiewicz Lawyers Poland offers a GDPR compliance audit (personal data protection audit). As part of the GDPR audit, we support clients in ensuring compliance of their documentation with the requirements resulting from the GDPR and the Polish Personal Data Protection Act of 10 May 2018. By choosing our services, you will receive a set of documentation required by the GDPR (e.g. a record of processing activities) and will be equipped with procedures not directly required under the GDPR but recommended by the Polish supervisory authority, such as an IT system management procedure.
The GDPR imposes a number of obligations on controllers and processors aimed at protecting the personal data processed by those entities. They are required to undertake measures ensuring an adequate level of security of personal data collected by such entities in the course of their business activity. Such measures include periodic GDPR audits examining the client’s internal personal data protection procedures and the compliance with such procedures by its employees. Our lawyers check the completeness of the client’s internal documentation in terms of the applicable legal requirements, e.g. record keeping, as required under the GDPR. We also verify the scope and the volume of the data processed by a given entity in terms of the data minimisation principle.
DPO – Data Protection Officer
In addition, Radkiewicz Lawyers Poland offers the service of an outsourced data protection officer (DPO outsourcing). The GDPR imposes a number of new obligations on data controllers, including the need to appoint a data protection officer. The GDPR specifies the entities subject to this obligation (e.g. due to their size or ownership structure). A data protection officer may also be appointed by entities that are not under an obligation to do so if they wish to ensure that they meet all the requirements resulting from the GDPR.
It is worth noting that in cases specified in the GDPR, this obligation also applies to data processors. Instead of engaging an in-house data protection officer, entities subject to this obligation may enter into an outsourcing agreement for the provision of data protection officer services with a third party (DPO outsourcing).
According to the GDPR, circumstances in which the obligation to appoint the DPO applies include those where:
- core activities of an entity consist of personal data processing operations that require monitoring of persons (with such monitoring being regular and systematic);
- special categories of personal data or personal data relating to criminal convictions and offences are processed on a large scale.
In the circumstances specified above, business operators are under an obligation to appoint a DPO. However, as some of the terms used in the Regulation are undefined, such as “systematic monitoring of persons” or “large-scale” processing of personal data, controllers and processors should comprehensively analyse the data they process and the nature of such processing in order to determine whether they are subject to an obligation to appoint a data protection officer. The obligation in question can also be met by outsourcing the function of the DPO to a third party.
Furthermore, it should be noted that the Working Party set up under Article 29 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 as an independent advisory body on data protection and privacy (the “Working Party”) recommends that the DPO be appointed even by entities not required to do so under the law.
According to the GDPR, the tasks of the DPO are as follows:
- to inform the controller or the processor and the employees who carry out processing of their obligations under the GDPR and under other generally applicable data protection provisions;
- to monitor compliance with data protection laws;
- to provide advice and support to the controller as regards the data protection impact assessment in compliance with the GDPR;
- to act as a contact person between the controller (processor) and the supervisory authority.
All the activities referred to above are also carried out by Radkiewicz Lawyers Poland as part of DPO outsourcing.
The role of the DPO may be performed under a civil-law agreement and the DPO’s tasks are subject to a confidentiality obligation. A data protection officer is independent, which means that they may not receive any instructions concerning the performance of their tasks, nor may they be dismissed or punished for carrying out their tasks. A DPO reports directly and exclusively to the management of the controller (processor), e.g. the management board of a company.
GDPR lawyer Warsaw – Personal data Protection in Poland
An opportunity to participate in GDPR training undoubtedly helps employees to better fulfil their tasks, as well as facilitates implementation by the employer of the technical and organisational measures required by the GDPR to ensure protection of the personal data processed in the organisation. Please do not hesitate to contact us. We are located at 59 Złota Street in Warsaw and can be reached by phone at +48 22 489 52 65.