Implementation of the GDPR in a company – DOIT.BIZ Sp. z o.o.

Implementation of the GDPR in a company

Benefit from a comprehensive offer for GDPR implementation services for your company or organisation. It will give you peace of mind and allow you to process personal data in a way that complies with all applicable legislation. The implementation of the GDPR in a company does not have to be scary or time-consuming, and introducing the relevant procedures with our help is always successful. Find out how much you can gain from working with us.

Full GDPR implementation in your company

We will prepare a customised service package for you, including the implementation of the GDPR in a way that suits the characteristics of your business. Our GDPR implementation services include:

  • Performing risk analysis of the processing of personal data,
  • Introduction of appropriate procedures,
  • Preparation of a list of measures the company has put in place for the implementation of the GDPR, required by the Personal Data Protection Office.
  • Practical training to help you comply with data subjects’ rights.

We offer the following GDPR implementation services:

  • Audit of the company’s compliance with the Personal Data Protection Act and the Regulation (EU) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR).
  • Training of current and future employees on personal data protection issues.
  • Preparing documentation for the records of personal data processing activities performed in the company.
  • Preparing Information Security Policy documentation.
  • Preparing documentation for the management manuals for systems which process personal data. Preparing authorisations to process personal data.
  • Preparing personal data processing agreements. Preparing an order appointing the Personal Data Controller.
  • Drawing up of periodic reports.
  • Preparing the notification of the designation of the Data Protection Officer required by the Personal Data Protection Office.
  • Representing the Personal Data Controller in dealing with the UODO.
  • Acting as your company’s Data Protection Officer (DPO).

We have experience in data protection

We specialise in implementing the GDPR in businesses. We have successfully completed hundreds of projects for various organisations, companies, and partnerships, and have been active in the market for many years. We were providing data protection services even before the GDPR was adopted, and thanks to our experience and credentials, we are able to effectively support your business, too.

We are constantly developing our competencies

Implementing the GDPR in a small company or a large enterprise is a series of carefully thought-out steps, and the technological possibilities and risks are constantly evolving. That is why we are not resting on our laurels. We continue to develop our skills by attending various industry events, including as speakers. In terms of the GDPR, we know everything there is to know about the implementation of an entire data protection system.

We work all around Poland

Our team of experts carries out projects all around Poland, for a wide variety of companies, both large and growing. We have our own dedicated procedure base to ensure the best GDPR implementation. The offer is always tailored to your specific industry and line of business.

Our clients get a professional and proven product – a GDPR implementation that works. Entrust personal data protection to us and forget about the distraction that legal documentation is. Enjoy being able to focus fully on business development.

Which companies need to implement the GDPR?

Personal data security applies to every area of business operations, i.e:

  • IT,
  • marketing,
  • customer acquisition,
  • sales,
  • service provision,
  • manufacturing,
  • logistics,
  • forwarding,
  • complaints,
  • personnel and payroll activities,
  • accounting,
  • contacts with the authorities and institutions.

The implementation of the GDPR is necessary in every company because personal data of employees, contractors, and customers are processed everywhere.

What does the implementation of the GDPR look like in a company?

The process of implementing personal data protection in a company covers the following areas:

GDPR in human resources

RECRUITMENT AND NEW EMPLOYEES

  • Recruitment policy
  • Instructions on GDPR information clauses for recruitment purposes
  • Candidate questionnaire with instructions
  • Medical referral with instructions
  • Onboarding policy
  • Information clause for the person designated as the contact person in the event of an accident

EMPLOYEE DOCUMENTATION

  • Data processing authorisations for employees
  • Procedure for granting authorisations and their record – there is a manual
  • Record of data processing authorisations issued to employees
  • Confidentiality statements for employees
  • Record of statements issued
  • Employee consents (including image and communication)
  • Contracts for the entrustment of property to an employee
  • Work station handover report

INITIAL TRAINING FOR EMPLOYEES

  • Employee training procedure
  • Training attendance lists
  • Simplified Regulations for the Processing of Personal Data
  • Clear desk and screen rules
  • Instructions on the use of e-mail and other electronic means of communication

ADAPTATION OF INTERNAL REGULATIONS

  • Amendments to the work rules
  • Amendments to the rules of ZFŚS [Employee Social Benefit Fund]
  • Instruction on the protection of personal data in the management of PPK [Employee Capital Plans]

Personal data protection and information security

IMPLEMENTATION OF THE GDPR – IT AREA

  • Inventory of IT systems (21 security questions)
  • IT security policy (safeguards, backups, restoration, reviews)
  • Regulations for the use of IT systems
  • E-mail data processing policy
  • Remote work regulations
  • Regulations for the use of private devices

IMPLEMENTATION OF THE GDPR – MANAGING ACCESS TO PROCESSING AREAS

  • Key policy
  • Authorisation to use keys
  • Record of keys
  • Spare key issue register

IMPLEMENTATION OF THE GDPR – ARCHIVING AND HANDLING OF DOCUMENTS

  • Data archiving and disposal policy
  • Office procedure instructions
  • File disposal report
  • Regulations for the handling of documents
  • Backup procedure
  • Procedure for the deletion of data and destruction of data storage media
  • Data sharing instructions

IMPLEMENTATION OF THE GDPR – VIDEO SURVEILLANCE MANAGEMENT

  • Assessment of the adequacy of monitoring
  • Video surveillance management policy
  • Authorisations for monitoring staff or an external company
  • Recording handover report
  • Recording handover register
  • Information clause regarding video surveillance

Ensuring legal compliance

OBLIGATION TO PROVIDE INFORMATION, CONSENT AND RECORD THEREOF

  • Consent clauses for the processing of personal data for customers
  • Record of data processing consents granted by customers
  • Information clauses for contractors
  • Instructions on the use of information clauses
  • Regulations for data sharing
  • Record of fulfilment of the obligation to provide information
  • Policy on the exercise of data subjects’ rights

HANDLING PERSONAL DATA PROTECTION BREACHES

  • Procedure for dealing with breaches and incidents
  • Instructions for notifying the Data Protection Officer of breaches
  • Breach reports and UODO notification reports
  • Record of security breaches

DATA PROCESSING AGREEMENTS

  • Instructions and examples of services requiring a data processing agreement
  • Personal data processing agreements
  • Record of data processing agreements

INVENTORY

  • Record of processing activities
  • Record of categories of processing activities – as processor

RISK ANALYSES

  • Risk analysis
  • Data Protection Impact Assessments (DPIAs)
  • Balancing tests

IMPLEMENTATION OF (THE GDPR) A PERSONAL DATA SECURITY POLICY

  • Personal data security policy
  • Order on the adoption of a personal data security policy
  • Privacy by design documentation
  • Privacy by default documentation, list of potential risks, list of potential safeguards
  • List of the implemented technical and organisational security measures

TRAINING ON PERSONAL DATA SECURITY POLICY

  • Regulations for the processing of personal data for employees
  • Training attendance list

PERIODIC FOLLOW-UP GDPR COMPLIANCE AUDITS

  • Internal audit procedure
  • Data protection system check plan
  • Data protection system audit reports (follow-up audit results)

Customised GDPR implementation services

Each of the services we provide to you is individually selected and tailored to the needs and capabilities of your company. We try not to burden your employees. We take on the comprehensive task of making your company fully compliant with the Personal Data Protection Act and EU regulations and legislation.

We guarantee that such extensive care will ensure the security of your company and protection of the personal data it processes, and that the time saved by your employees thanks to our engagement will contribute to improving the efficiency of your business.

YOU focus on running your business. Let US take care of data protection.

Want to find out more about the GDPR implementation services? Feel free to CONTACT US