GDPR implementation

The law firm provides services in the field of support in the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / WE (hereinafter – GDPR).
The Juvo team provides comprehensive assistance in matters of preparing the organization for compliance with the GDPR, which has been in force since May 25, 2018.

After conducting an appropriate inventory as part of the audit of personal data protection in the organization, the next step on the way to adapt the organization to the provisions of the GDPR is the practical implementation of appropriate organizational and technical solutions (such as internal instructions, procedures, information flow processes, training).

Implementation activities are based on recommendations resulting from the audit and are carried out on the basis of a schedule of activities agreed with the client.

The scope of implementation works

As part of adjusting the data processing processes, the client receives documents that make up the organisation’s comprehensive security policy (the final substantive scope of the documentation depends on the results of the audit and risk analysis), including:

  • risk assessment procedure for personal data processing activities
  • procedure for managing the organization’s IT resources in the context of security
  • assessment of the effects of personal data processing for selected processes
  • templates of the contract for entrusting the processing of personal data
  • register of processing activities / categories of processing activities
  • the procedure to be followed in the event of data protection breaches
  • information clauses for forms used to collect personal data
  • the procedure for managing the data subjects’ requests
  • selecting appropriate mechanisms to legalize the transfer of personal data to a third country.

We can extend the service in question with staff training (stationary training sessions or in the form of e-learning).
We focus on the implementation of personal data protection systems that support our clients’ business and are part of the strategy for optimizing business processes in the enterprise.
We prove that it is possible to manage the protection of personal data in the practice of any organization in an integrated manner, without excessive formalism, and at the same time maintaining the principles of transparency and accountability.