We have drafted an Instruction for the minimum level of technical and organizational measures and the allowed type of personal data protection

October 18, 2018


In August 2016, a client in the pharmaceutical sector contacted and hired us to draft an instruction under Ordinance No. 1 of 30 January 2013 for the minimum level of technical and organizational measures and the allowed type of personal data protection. The client assisted us by providing the necessary information to prepare the Instruction on time that contains the following information:

  1. identification of the data controller;
  2. general description of the registers maintained – categories of personal data and reasons for their processing;
  3. technological description of maintained registers – data media, processing technology, the period of storage life and services rendered;
  4. determining the positions associated with processing and protection of personal data, their rights, and obligations;
  5. impact assessment and determination of the respective level of protection – extremely high, high, medium, low;
  6. description of the technical and organizational measures taken;
  7. actions for protection in case of accidents, incidents, and disasters (fire, flood, etc.);
  8. provision of personal data to third parties – reasons, purposes, categories of personal data;
  9. time-limit for conducting periodic reviews of the need for data processing and deletion of data;
  10. determining the procedure for the implementation of the obligations under Article 25 of the Personal Data Protection Act. According to Article 25 of the Personal Data Protection Act after the achievement of the purpose of personal data processing or before the termination of the personal data processing, the data controller shall be required either to destroy the data or transfer them to another data controller by preliminary notification to the Commission, if such transfer is specified in a law and the purposes of processing are identical.

Our client maintains four registers in total. The information referred to under items 2 to 10 above was described for each of the four registers maintained by our client.


error: Content is protected !!