GDPR IMPLEMENTATION

We specialize in the comprehensive and, most importantly, individual implementation of the General Data Protection Regulation (GDPR), which has been in effect since May 25, 2018 and covers every single company, no matter how big it is. GDPR must be implemented by every company, from sole proprietorships to limited liability companies to joint stock companies. Our knowledge and experience cover both legal and IT aspects. Our experience dates back to the very beginning of GDPR, i.e. May 25, 2018, and has grown steadily as we follow the recommendations of the European Commission, IT changes, penalty analyses and interpretations of the Personal Data Protection Authority. We believe that an IT specialist trained in legal issues will cope better with GDPR than a lawyer without IT knowledge.

We divide the implementation of GDPR into the following stages:

Talking with the Owner or Management of the company, agreeing on the scope of GDPR implementation and preparing the offer.

Scheduled site visit

  1. Conversation with the employees of each department to learn their processes, ways of processing personal data, types of personal data, the need to collect it, and the legal basis for processing it.
  2. Analysis of company documents and contracts.
  3. IT equipment data security check and analysis of existing IT policies

GDPR report

  1. Suggestions and implementation of improvements to current processes and ways of processing personal data
  2. Implementation of amendments to current contracts
  3. IT fixes needed for GDPR compliance, suggestions for IT policy changes

Conversation with the owner or management of the company, explaining what should be done and what the costs are. Implementation of established solutions.

Inventory of Personal Data Processing Processes including:

  1. Title of personal data processing
  2. Legal grounds for its processing, e.g. Law, legitimate interest
  3. The purpose of processing personal data, e.g. Conclusion of a contract, Legitimate Interest (a separate document justifying that the Company’s interest is greater than that of the data subject)
  4. Categories of data subjects, e.g. Employees.
  5. Categories of personal data e.g. First Name, Last Name.
  6. Categories of recipients to whom personal data have been or will be disclosed, e.g. Accounting and personnel companies
  7. Time limit for deletion of data e.g. 10 years
  8. Special categories of personal data, e.g. Health data
  9. Is the data sent outside the European Economic Area – EEA?
  10. Technical and organizational security measures. A separate list of how secure the processing of personal data is.

Preparation of the GDPR information clause and how to distribute it.

Preparation of Annexes to existing contracts:

  1. Annexes to employment contracts
  2. Annex to commission agreements
  3. Annex to personal data entrustment agreements

Creation of authorizations to process personal data for employees hired with an employment contract or a contract of mandate

Creation of Data Processing Agreements for B2B companies, service providers, companies to which we transfer personal data

Draw up a procedure in the event of a data leak or inquiry by a data subject

  1. Data leak or an inquiry from the data subject
  2. In the event of a leak: when the 72 hours begin in which to notify the President of the Office of Personal Data Protection or write an internal memo, assess the risk, and set up a crisis team
  3. For the data subject: how to accept an inquiry, 30 days to respond, analysis and response

Analysis of whether the company needs or requires a Data Protection Officer

Employee training.

TCPI sp z o.o.’s information clause is available HERE: