PRIVACY AND SECURITY
We offer full scope support in the area of GDPR compliance, including auditing, implementation of changes, day-to-day data management and assistance in legal and organizational aspects. Over 2016-2018 we helped over 100 clients spending over 35.000 hours on the projects. Our clients comprised the largest telecoms, banks, insurance companies, media groups, e-commerce business and energy/infrastructure companies. Our advised is used for both local companies or polish subsidiaries, as well as for pan-european projects managed by us from Polish Headquarters (including e-commerce automotive giant Inter Cars Group as well as Nowy Styl Group with their furniture business).
For our international clients as well as international privacy professionals we are regularly preparing a GDPR Poland newsletter, please see the archive: July-August 2018, September 2018, October 2018, November 2018
For international Clients we selected a dedicated set of GDPR related services:
GDPR Implementation & Audits
While the majority of companies left the implementation stages behind them, there are still several organizations with GDPR to be either implemented (in full or in part). For these projects we may either run the implementation process in full or apply “delta-approach” in the project run by some other project leader. Our experience allow us to run the audit in a fast and efficient way, adapting our approach to the business goals and Clients’ expectations.
Localization of the GDPR implementation
Although GDPR was meant to unify data protection law and practice Europe-wide the reality is that there are numerous, significant differences in this field, resulting from country-specific laws, local DPA's approach and case law. This situation poses a non-compliance risk to groups of companies which are often trying to implement GDPR uniformly in all group's undertakings, overlooking local specificity. It happens that solutions that are working in line with the law in one country must be more or less trimmed to fit the local specific requirements. Localization service that we offer includes assessment of the means of GDPR implementation from the Polish perspective and advising on solutions that are as close as possible to the group's standard and remain compliant with the Polish law. Having vast experience in the GDPR implementation projects in Poland, including Polish-based affiliates of international groups we are well equipped to deliver top quality, business-driven advice.
DPO Outsourcing / Deputy DPO
While it is a common practice among international groups of undertakings to appoint a group DPO, it is often difficult for such a DPO to ensure proper supervision over all issues which relate to the protection of personal data on a local level. The reason for that being is the separation of a DPO from domestic affairs and day-to-day data processing activities, specifics of the local law and practice and sometimes a language barrier. Having that in mind we offer both DPO Outsourcing or Deputy DPO Outsourcing service which includes support in executing DPO's duties in the group's undertaking established in Poland. Acting as a relay, we implement DPO's strategy locally by managing communication (both internally and with data subjects and DPA), training staff, reviewing data processing agreements, conducting DPIA, investigating data protection breaches and taking other actions as agreed upon.
Negotiations with business partners based in Poland
Negotiating agreements with foreign counterparts has always been challenging, even without the GDPR in place. Now, once the GDPR impose even more requirements on both controllers and processors and as this new law brings uncertainty as to how should it be applied in practice, strengthen by country-specific differences, the challenge is far bigger. We offer support for controllers and processors in negotiating data processing agreements with business partners located in Poland as well as in the process of executing such agreements, e.g. by way of conducting audits, responding to incidents, obtaining information, pursuing and executing contractual penalties).
GDPR Helpdesk Poland
Applying the GDPR in business practice in Poland requires considering country-specific laws and approach of the local DPA. Poland has numerous laws in the fields of HR, banking, insurance, telecommunications, e-commerce, and marketing, to name the most significant ones, that hugely affect the processing of personal data. We offer our support in ensuring compliance of the projects and activities which involve processing of personal data under the Polish law. In particular, we support privacy by design analysis, risk analysis, data breach assessment, drafting notification or consent clauses, by-laws, internal data protection policies and data processing agreements, and other activities as agreed upon.
Proceedings before the Polish courts and DPA
The major change in data privacy landscape that has been brought to us by the GDPR is enforcement. DPAs and data subjects are now well equipped with tools that can be effectively used against controllers and processors whose data protection practices are questionable. As a part of our litigation practice, we offer representation in all kinds of proceedings before the Polish courts and DPA starting from DPA's inspection (including preparation to the inspection) through all administrative and court instances in Poland up to the Court of Justice of the European Union.
Representative of controller or processor not established in EU
The GDPR requires that the controller or processor not established in the EU designate a representative in the Union in case it offers goods or services to the data subjects in the EU or tracks their behavior that takes place within the EU. As part of our offer for foreign controllers and processors, we are ready to act in the capacity of their designated representative in the EU.
Certifications and codes of conduct are convenient means of managing the GDPR compliance. Our offer includes support in obtaining and maintaining certification from an authorized entity or DPA in Poland.