Implementing the General Data Protection Regulation (GDPR)

Protection and processing of personal data have been fully reformed with the adoption of the new Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which shall apply from May 25, 2018. The Regulation introduces a number of changes to the current legal framework, which concern all companies processing personal data of customers, staff and other counterparts. In order to comply with the requirements of the Regulation, administrators should prepare their business both legally and technically.

Among the services most frequently ordered in Krasimira Kadieva's practice over the past years are those related to the protection of personal data. Krasimira Kadieva has gained extensive experience and provides a wide range of legal services to clients in the field of personal data protection. In connection with the newly adopted GDPR, Kadieva provides legal services to prepare clients' businesses for implementation of and compliance with the Regulation on the legal side.

To prepare clients' businesses for implementation of and compliance with the new Regulation, Krasimira Kadieva has developed the service “Implementing the General Data Protection Regulation”.

The “Implementing the General Data Protection Regulation” service includes:

1. Consultation on the implementation and compliance with the GDPR.

2. Assessment of the need to appoint a Data Protection Officer.

3. Provision of the following manuals:

  • A manual containing practical steps to implement the General Data Protection Regulation.
  • A manual containing a detailed description of the duties of the data controllers.
  • A manual containing a detailed description of the rights of the data subjects and the terms and conditions for exercising the rights of data subjects under the Regulation.
  • Rules for working with clients and personal data.
  • Terms for storing documents.
  • How to prepare your website for the GDPR?

4. Preparation of the full set of documents (more than 40 documents) required for legal implementation of and compliance with the Regulation, including various types of requests, declarations, notifications, confirmations, agreements, contracts, data protection policy, protocols, internal procedures, verification and control procedures, forms for providing information, etc.

The complete set of documents for compliance with Regulation (EU) 2016/679 (GDPR) includes the following documents, namely:

  • A detailed Privacy policy;
  • Instruction for the minimum level of technical and organizational measures and the allowed type of personal data protection;
  • Internal Privacy policy;
  • Notification of Privacy;
  • Internal procedures for fulfilling the obligations of the data controller and the rights of the individuals;
  • Agreement between a controller and a processor of personal data;
  • Permission for the inclusion of another processor of personal data;
  • Notification to other processors of erasure;
  • Consent for the processing of personal data;
  • Request for termination of the processing of personal data;
  • Request to terminate the processing of personal data for the purpose of direct marketing;
  • Statement of consent by an employee for non-disclosure of personal data;
  • Record of staff training for reaction to events threatening personal data;
  • Training protocol for the personnel;
  • Procedures for inspection and control of the processing of personal data;
  • Checklist from an inspection in the departments of the controller;
  • Checklist from an inspection of personal data processors;
  • List of employees familiar with the Instruction on the mechanism of personal data processing and their protection in the maintained registers;
  • Declaration of consent to the processing of personal data;
  • Request for erasure of personal data;
  • Request for rectification of inaccurate personal data;
  • Request for restriction of processing;
  • Request for confirmation for processing of personal data;
  • Request to provide the names of recipients to whom personal data has been disclosed;
  • Request for transfer of personal data;
  • Confirmation for processing of personal data;
  • Register of personal data breaches;
  • Consent to processing after a restriction of processing;
  • Notification to the Supervisory Authority for a security breach;
  • Notification to personal data recipients for the erasure of personal data;
  • Notification to personal data recipients for a rectification;
  • Notification to personal data recipients for a restriction of processing;
  • Notification to the subject for a security breach;
  • Notification to the individual for disclosure of personal data to another recipient;
  • Notification for non-processing of personal data;
  • Notification for non-action;
  • Notification for restriction of processing;
  • Notification for an extension of a period;
  • Notification by the processor to the controller for a security breach;
  • Notification about the processing of personal data for another purpose;
  • Notification about recipients of personal data;
  • Consent from a parent;
  • Notification for a withdrawal of consent to the processing of personal data;
  • Protocol for the destruction of personal data;
  • Declaration of consent by an employee for video surveillance;
  • Objection to the processing of personal data based on automated decision making;
  • Job description of a Data Protection Officer;
  • Order for the appointment of a Data Protection Officer;
  • Agreement between a controller and a Data Protection Officer;
  • Impact assessment.

Since the Regulation introduces changes to the current legal framework and new obligations for controllers, implementing it on the legal side requires a number of specificities to be taken into account and a wide range of documents to be prepared so that the requirements of the Regulation are met. It is therefore advisable to seek the assistance of a specialist in this field. Krasimira Kadieva will gladly assist you in preparing your business for implementation of and compliance with the General Data Protection Regulation by providing professional advice and preparing the full set of documents necessary for implementation of and compliance with the GDPR.

Among the clients whom Krasimira Kadieva has advised over the past months on drafting the documents required for compliance with Regulation (EU) 2016/679 are service providers, software developers, digital agencies, e-shops, pharmaceutical companies, construction companies, accounting companies, transport companies, cosmetics manufacturers, food producers, career media, insurance brokers, restaurant owners, companies providing services in the construction, maintenance and commissioning of internal electrical installations, as well as a company that distributes heat pump, solar and air conditioning systems. Legal implementation of the GDPR is a two-way process in which the client’s assistance is required: the client fills in a special questionnaire and provides the information necessary for the preparation of the documents. Krasimira Kadieva has helped clients draft the necessary documents and implement internal procedures for fulfilling the duties of the Controller, as well as inspection and control procedures.

If you would like to receive more information or take advantage of the “Implementing the General Data Protection Regulation” service, please do not hesitate to contact Krasimira Kadieva at 00359 882 308 670 or by using the contact form of this website.
