Services for GDPR
Annual audit
The annual audit covers areas identified as high-risk, which will be selected based on previous audits, breaches, inspections by the supervisory authority and current challenges in the area of data protection.
Documentation
We can prepare RPAs and RCPAs (only with audits) as well as procedures and policies for: data retention, breach procedures, exercising rights of data subjects, creating backup copies, passwords, video surveillance, granting and removing access rights and authorisations for processing, issuing and returning equipment, implementing new technical solutions and processes. We can draft privacy notices for processes, as well as consent templates and privacy policies (only with audits).
External, implementation, technical audit
We can organise training before the audit, hold audit talks, examine documents and carry out a technical audit. We can arrange and analyse data (a post-audit task), and prepare a simplified version of the report. The full version of the report will include a description of the processes and any identified irregularities. After the whole process is over, we will prepare a presentation for the executive team and individual teams.
Outsourcing
We can verify your business partners using a survey, from its preparation to distribution to analysing the results. We can also verify business partners through on-site audits (like ad hoc audits). We can draft data processing agreements, examine the existing agreements and deliver a report on outsourcing.
Breaches
We can provide support in assessing breaches, notifying the supervisory authority and further communication, including with data subjects. We can also help mitigate the consequences of a breach and prevent it from occurring again in the future, while delivering a final report.
Pentests
We use scanners to investigate known vulnerabilities; we examine the likelihood of XSS and SQLi attacks; we carry out fuzzing of existing forms; we investigate the possibility of enumerating users and resources; we test for brute-force and DDoS attack vulnerabilities.
Risk analysis
A reliable, GDPR-compliant risk analysis is DAPR’s speciality. It covers the following:
– a so-called general assessment for compliance with Articles 24 and 32 of the GDPR;
– a preliminary assessment for eligibility for a data protection impact assessment (DPIA);
– a data protection impact assessment (DPIA).
We carry out the risk analysis using our own tool called RedIntoGreen, rounding off with a full report and a summary report.
Implementation
We can not only help you prepare documents and reports but also provide real support in their implementation. We can find out which changes need to be made across the processes and provide help with tweaking the systems. We can also handle industry implementations, such as www + cookies, mobile app, HR, newsletter, draw, contest, loyalty scheme, surveillance and more.
Website compliant with the GDPR and Polish telecommunications regulations
We can verify your website with regard to the privacy notice requirement, the processor, and potential consents under the GDPR, Poland’s Telecommunications Law and Electronic Services Act. We can analyse the cookies used, and implement a cookie manager. We can draft a privacy policy along with a full text and a summary of privacy notices as well as terms and conditions.
Outsourcing the function of external Data Protection Officer
This package includes cyclical and ad-hoc audits, cyclical training of personnel involved in processing operations, verifying the functioning of procedures relating to the rights of data subjects, cyclical duty hours / meetings or set dates for regular phone consultations as well as collaboration with the supervisory authority. We investigate breaches and send out cyclical (monthly) newsletters. We assist in record keeping, privacy by design, risk analysis and DPIA.
Our other services
AML
Risk analysis, outsourcing, transaction monitoring, implementations, audits, KYC, obligated institution assessment, training courses.
Whistleblowers
Audits of existing notification systems. Implementations including drafting procedure templates, bylaws and other documentation; training courses.