GDPR COMPLIANCE

Compliance in accordance with GDPR

ORGANIZATIONAL MEASURES FOR PERSONAL DATA

Compliance of the business activity in accordance with GDPR

The set of organizational measures for personal data protection that will need to be implemented depends on each individual business activity.

The General Data Protection Regulation (GDPR) sets out a requirement to regulate security measures in accordance with the needs and real capabilities of the business entity. As there are no two business entities with exactly the same business and capabilities, we cannot determine universal protection measures in advance, but it is necessary to establish a separate set for each individual business entity that would reflect the adequate protection of personal data and regulation.

Arranging organizational safeguards is not a one-off process but is a continuous arrangement throughout the “lifespan” of the business activity, as GDPR requires an arrangement that is in line with needs and capabilities and is subjected to constant change.

By the term "compliance related to business activity in accordance with GDPR" we mean the initial arrangement of organizational protection measures, that is, the initial set of measures that are implemented relative to the current needs and capabilities of the business entity, which need to be further upgraded and supplemented.

The most common procedures for basic corrections relative to protection measures are:

- Identification of business processes by which data is collected and processed

- Determining a valid basis for analysis, a necessary and minimum set of data required

- Identification of possible legitimate interests

- Confidentiality statements relative to employees and third parties

- Arranging Relationships with processors of the audit

- Setting up personal data processing records

- Setting up processing records for other managers (with processors)

- Identifying all places and methods of collecting personal information

- Arrangement for providing information relative to collection and processing of personal information

- Arranging the protection of personal information collected through websites and social networks

- Arranging data protection relative to performing video surveillance

- Arranging data protection relative to using information technology

- Regulation of storage deadlines

- Conducting a data protection impact assessment

- Managing requests for protection of rights

- Risk assessment of personal data protection

- Policy development, procedures and work instructions

- Determining the status of technical protection measures and the need to implement new measures or updating of the existing ones

Procedures and data protection measures are established at the point when all the necessary information has been provided and the inspection has been carried out.

Regular updating and arrangement concerning protection measures.

At the point when an organization has already established a certain level of personal data protection, we are able to detect a continuous upgrade of organizational security measures set up to meet the requirement of harmonization and personal data protection in accordance with the current capabilities and needs of the organization.

Regular updating and arrangement concerning protection measures are related to:

• Updating existing organizational protection measures (for example: policy updates)

• Protection upgrade by using new organizational measures (for example: introduction of new procedures)

• Review and correction of existing organizational measures