The protection and processing of personal data have been fully reformed with the adoption of the new Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), which shall apply from May 25, 2018. To prepare clients' businesses for implementation of and compliance with the new Regulation, Krasimira Kadieva has developed the service “Implementing the General Data Protection Regulation”.
The “Implementing the General Data Protection Regulation” service includes:
1. Consultation on implementation of and compliance with the GDPR.
2. Assessment of the need to appoint a Data Protection Officer.
3. Provision of the following manuals:
- A manual containing practical steps to implement the General Data Protection Regulation.
- A manual containing a detailed description of the duties of the data controllers.
- A manual containing a detailed description of the rights of the data subjects and the terms and conditions for exercising the rights of data subjects under the Regulation.
- Rules for working with clients and personal data.
- Terms for storing documents.
- How to prepare your website for the GDPR?
4. Preparation of the full set of documents (more than 40 documents) required for legal implementation of and compliance with the Regulation, including various types of requests, declarations, notifications, confirmations, agreements, contracts, data protection policy, etc.
The complete set of documents for compliance with Regulation (EU) 2016/679 (GDPR) includes the following:
- A detailed Privacy policy;
- Instruction for the minimum level of technical and organizational measures and the allowed type of personal data protection;
- Internal Privacy policy;
- Notification of Privacy;
- Internal procedures for fulfilling the obligations of the data controller and the rights of the individuals;
- Agreement between a controller and a processor of personal data;
- Permission for including another processor of personal data;
- Notification to other processors of erasure;
- Consent for the processing of personal data;
- Request for termination of the processing of personal data;
- Request to terminate the processing of personal data for the purpose of direct marketing;
- Statement of consent by an employee for non-disclosure of personal data;
- Record of staff training for reaction to events threatening personal data;
- Training protocol for the personnel;
- Procedures for inspection and control of the processing of personal data;
- Checklist from an inspection in the departments of the controller;
- Checklist from an inspection of personal data processors;
- List of employees familiar with the Instruction on the mechanism of personal data processing and their protection in the maintained registers;
- Declaration of consent to the processing of personal data;
- Request for erasure of personal data;
- Request for rectification of inaccurate personal data;
- Request for restriction of processing;
- Request for confirmation for processing of personal data;
- Request to provide the names of recipients to whom personal data has been disclosed;
- Request for transfer of personal data;
- Confirmation for processing of personal data;
- Register of personal data breaches;
- Consent to processing after a restriction of processing;
- Notification to the Supervisory Authority for a security breach;
- Notification to personal data recipients for the erasure of personal data;
- Notification to personal data recipients for a rectification;
- Notification to personal data recipients for a restriction of processing;
- Notification to the subject for a security breach;
- Notification to the individual for disclosure of personal data to another recipient;
- Notification for non-processing of personal data;
- Notification for non-action;
- Notification for restriction of processing;
- Notification for an extension of a period;
- Notification by the processor to the controller for a security breach;
- Notification about the processing of personal data for another purpose;
- Notification about recipients of personal data;
- Consent from a parent;
- Notification for a withdrawal of consent to the processing of personal data;
- Protocol for the destruction of personal data;
- Declaration of consent by an employee for video surveillance;
- Objection to the processing of personal data based on automated decision making;
- Job description of a Data Protection Officer;
- Order for appointing a Data Protection Officer;
- Agreement between a controller and a Data Protection Officer;
- Impact assessment.
If you would like to receive more information or take advantage of the “Implementing the General Data Protection Regulation” service, please do not hesitate to contact Krasimira Kadieva at 00359 882 308 670 or by using the contact form of this website.