Privacy and data protection

Оne of the most frequently ordered services in the past years in Krasimira Kadieva’s practice are the services related to the personal  data protection.  Krasimira Kadieva has gained an extensive experience and provides a wide range of legal services to the clients in the field of personal data protection, such as the registration of personal data controllers before the Commission for Personal Data Protection, legal advice related to the processing of personal data, drafting of a wide range of documents related to the processing of personal data, such as instructions on the protection of personal data, personal data processing agreements, terms and conditions, privacy policies, cookies policies, contracts containing clauses relating to personal data protection, etc. Clients who have been using the legal services in the field of privacy and data protection over the years are both service providers, software developers, digital agencies, graphic designers, e-shops, construction companies, pharmaceutical companies as well as small companies that are just starting their business on the Internet.

With regard to the recently adopted General Data Protection Regulation (GDPR), which will enter into force on 25 May 2018, Krasimira Kadieva advises her clients on the duties of administrators and personal data processors in line with the new requirements of the GDPR, as well as adapting the practice of clients with the new requirements of the Regulation. For the preparation of the business of clients for the implementation and compliance with the new Regulation, Krasimira Kadieva has developed the service “Implementing the General Data Protection Regulation”, which includes: – consultation on the implementation and compliance with the GDPR; assessment of the need to appoint a data protection officer; – providing of three manuals containing practical steps to implement the General Data Protection Regulation, detailed description of the duties of the data controllers and the rights of the data subjects and the terms and conditions for exercising the rights of data subjects under the Regulation; – preparation of the full set of documents (more than 40 documents) required for legal implementation and compliance with the Regulation, including various types of requests, declarations, notifications, confirmations, agreements, contracts, data protection policy, protocols, internal procedures, verification and control procedures, forms of providing information, impact assessments, internal registers, instructions on personal data protection measures, etc.

Services provided to clients in this area include, but are not limited to:

  • Registration of personal data controllers before the Commission for Personal Data Protection;
  • Legal advice related to the processing of personal data;
  • Drafting of a wide range of documents related to the processing of personal data;
  • Drafting of instructions on the protection of personal data;
  • Drafting of personal data processing agreements;
  • Drafting of terms and conditions;
  • Drafting of privacy policies;
  • Drafting of cookies policies;
  • Drafting of contracts containing clauses relating to personal data protection;
  • Preparation of controllers’ and processors’ business according to the new General Data Protection Regulation (GDPR) requirements;
  • Consultations regarding the preparation for implementation of the new General Data Protection Regulation (GDPR);
  • Preparation of the full set of documents (more than 40 documents) required for legal implementation and compliance with the GDPR, including various types of requests, declarations, notifications, confirmations, agreements, contracts, data protection policy, etc.

PUBLICATIONS

SPECIFICS OF THE REGISTRATION OF DATA CONTROLLERS.

INSTRUCTION UNDER ORDINANCE 1 OF 30 JANUARY 2013 FOR THE MINIMUM LEVEL OF TECHNICAL AND ORGANIZATIONAL MEASURES AND THE ALLOWED TYPE OF PERSONAL DATA PROTECTION.

DRAFTING A PRIVACY POLICY.

DRAFTING A COOKIES POLICY.

OBLIGATIONS OF THE CONTROLLER UNDER REGULATION (EU) 2016/679.

RIGHTS OF DATA SUBJECTS UNDER REGULATION (EU) 2016/679 (GDPR).

PERFORMING AN IMPACT ASSESSMENT OF THE ENVISAGED PROCESSING OPERATIONS ON THE PROTECTION OF PERSONAL DATA.