It covers the areas identified as high-risk areas, which will be selected based on previous audits, breaches, inspections of the supervisory authority and current challenges in the area of data protection.

We can prepare RPAs and RCPAs (only with audits) as well as procedures and policies for: data retention, breach procedures, exercising rights of data subjects, creating backup copies, passwords, video surveillance, granting and removing access rights and authorisations for processing, issuing and returning equipment, implementing new technical solutions and processes. We can draft privacy notices for processes, as well as consent templates and privacy policies (only with audits).

We can organise a training before the audit, hold audit talks, examine documents and carry out a technical audit. We can arrange and analyse data (a post-audit task), and prepare a simplified version of the report. The full version of the report will include a description of the processes and any identified irregularities. After the whole process is over, we will prepare a presentation for the executive team and individual teams.

We can verify your business partners using a survey, from its preparation to distribution to analysing the results. We can also verify business partners through on-site audits (like ad hoc audits). We can draft data processing agreements, examine the existing agreements and deliver a report on outsourcing.

We can provide support in assessing breaches, notifying the supervisory authority and further communication, including with data subjects. We can also help mitigate the consequences of a breach and prevent it from occurring again in the future, while delivering a final report.

We use scanners to investigate known vulnerabilities; we examine the likelihood of XSS and SQLi attacks; we carry out fuzzing of existing forms; we investigate the possibility of enumerating the users and resources; we test for bruteforce and DDOS attack vulnerabilities.

A reliable, GDPR-compliant risk analysis is DAPR’s speciality. It covers the following:

– a so-called general assessment for compliance with Articles 24 and 32 of the GDPR;

– a preliminary assessment for eligibility for a data protection impact assessment (DPIA);

– a data protection impact assessment (DPIA).

We carry out the risk analysis using our own tool called RedIntoGreen, rounding off with a full report and a summary report.

We can help you not only to prepare documents and reports but also provide real support in their implementation. We can find out which changes need to be made across the processes and provide help with tweaking the systems. We can also handle industry implementations, such as www + cookies, mobile app, HR, newsletter, draw, contest, loyalty scheme, surveillance and more.

We can verify your website with regard to the privacy notice requirement, the processor, and potential consents under the GDPR, Poland’s Telecommunications Law and Electronic Services Act. We can analyse the cookies used, and implement a cookie manager. We can draft a privacy policy along with a full text and a summary of privacy notices as well as terms and conditions.

This package includes cyclical and ad-hoc audits, cyclical training of personnel involved in processing operations, verifying the functioning of procedures relating to the rights of data subjects, cyclical duty hours / meetings or set dates for regular phone consultations as well as collaboration with the supervisory authority. We investigate breaches, send out cyclical (monthly) newsletters. We assist in record keeping, privacy by design, risk analysis and DPIA.