Basically, there is no organization that does not process any personal data at all. Depending on the extent and manner of personal data processing, your organization has to follow legislative regulations and implement all required measures.
Obligations concern not only the so-called data controller, who has the primary responsibility for data processing, but also the data processor, who processes the personal data on behalf of the controller. The method and form of obtaining personal data, obtaining consent to its processing, processing it correctly, appointing a responsible person (DPO), and creating related security documentation are just a short list of obligations under European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as the GDPR Regulation) and the Czech legislation.
The actual implementation of the GDPR requirements has to be addressed individually for the given company or organization and should be covered by the security documentation on personal data protection.
Security documentation objectives
By creating the security documentation you can partly fulfil both the GDPR Regulation and the Personal Data Protection Act. The next part is the practical application of the defined rules in everyday practice in order to achieve real protection of personal data.
An indisputable advantage is the creation of turnkey GDPR documentation that meets all the legal requirements imposed on your organization due to its specific situation. In these projects, DCIT consultants bring not only their experience in the area of personal data protection but also a wider range of experience in the field of technical cyber security. Where appropriate, the GDPR analysis may be complemented by a technical security assessment.
To provide a comprehensive set of GDPR services, our company also provides additional services:
assessment (gap analysis) of your organization's GDPR compliance
update of existing personal data protection documentation (based on the previous legislative framework)
training of key personnel responsible for GDPR in your organisation
outsourcing of some processes / roles related to GDPR (e.g. DPO role)
For questions about specific services in this area, do not hesitate to contact us.
European Regulation 2016/679 – GDPR on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
well-established international ISO standards – ISO/IEC 27002, ISO/IEC 27005
If you are interested in more details, please contact us.