In March 2020, we were contacted by a client with whom we have worked on numerous projects over the last three years. This time the request concerned the legal implementation of Regulation (EU) 2016/679 (GDPR). We sent the client a questionnaire containing a number of questions, the answers to which help us to perform the service. The service includes the preparation of the complete set of documents the controller needs to fulfill its obligations under the data protection regulation, namely:
- A detailed Privacy policy;
- Instruction for the minimum level of technical and organizational measures and the allowed type of personal data protection;
- Internal Privacy policy;
- Notification of Privacy;
- Internal procedures for fulfilling the obligations of the data controller and the rights of the individuals;
- Agreement between a controller and a processor of personal data;
- Permission for including another processor of personal data;
- Notification to other processors of erasure;
- Consent for the processing of personal data;
- Request for termination of the processing of personal data;
- Request to terminate the processing of personal data for the purpose of direct marketing;
- Statement of consent by an employee for non-disclosure of personal data;
- Record of staff training for reaction to events threatening personal data;
- Training protocol for the personnel;
- Procedures for inspection and control of the processing of personal data;
- Checklist from an inspection in the departments of the controller;
- Checklist from an inspection of personal data processors;
- List of employees familiar with the Instruction on the mechanism of personal data processing and their protection in the maintained registers;
- Declaration of consent to the processing of personal data;
- Request for the erasure of personal data;
- Request for rectification of inaccurate personal data;
- Request for the restriction of processing;
- Request for confirmation for processing of personal data;
- Request to provide the names of recipients to whom personal data has been disclosed;
- Request for transfer of personal data;
- Confirmation for processing of personal data;
- Register of personal data breaches;
- Consent to processing after a restriction of processing;
- Notification to the Supervisory Authority for a security breach;
- Notification to personal data recipients for the erasure of personal data;
- Notification to personal data recipients for a rectification;
- Notification to personal data recipients for a restriction of processing;
- Notification to the subject for a security breach;
- Notification to the individual for disclosure of personal data to another recipient;
- Notification for non-processing of personal data;
- Notification for non-action;
- Notification for restriction of processing;
- Notification for an extension of a period;
- Notification by the processor to the controller for a security breach;
- Notification about the processing of personal data for another purpose;
- Notification about recipients of personal data;
- Notification for withdrawal of consent to the processing of personal data;
- Protocol for the destruction of personal data;
- Declaration of consent by an employee for video surveillance;
- Objection to the processing of personal data based on automated decision making;
- Impact assessment.
Additionally, we advised our client on the need to appoint a Data Protection Officer and provided the client with additional materials prepared by us, namely:
- A manual containing practical steps to implement the General Data Protection Regulation.
- A manual containing a detailed description of the duties of the data controllers.
- A manual containing a detailed description of the rights of the data subjects and the terms and conditions for exercising the rights of data subjects under the Regulation.
- Rules for working with clients and personal data.
- Terms for storing documents.
- How to prepare your website for the GDPR?
We were able to provide the client with the most complete and the best possible service, completing the project within the agreed timeframe.