top of page

GDPR is a Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of persons about the processing of personal data and on the free movement of such data. It aims to increase the protection of personal data and harmonize data protection rules across the EU.


GDPR applies to all processors of personal data of employees, customers, clients, or suppliers in connection with the activities of the controller's or processor's establishment in the EU, in other words, anyone who collects or processes personal data regardless of the legal form.

What are the responsibilities of organizations?

  • To consult with the supervisory authority before the actual processing of personal data

  • Risk processing

  • Ensuring  the necessary data protection (technical, organizational, and procedural measures)

  • Appointing Data Protection Officers in certain cases

  • Keeping records of personal data processing activities

  • Notification of personal data breaches to the Data Protection Authority

What we offer

  • Compliance audits (initial audits to assess GDPR readiness):

    • Review of existing documentation

    • Assessment of data protection status

    • Preparation of the audit report

    • Developing a proposal for measures to minimize identified weaknesses, including priorities

    • Audits of GDPR changes and measures already in place

  • Risk analysis:

    • Detailed hazard identification, assessment, and risk analysis

  • Drafting of measures, including GDPR guidelines:

    • Development of draft measures to minimize identified vulnerabilities including priorities

    • Comparison of findings with GDPR requirements and proposal for changes to current practice

  • Expert assistance in the implementation of measures:

    • Support for implementation of specific GDPR measures in operation (may include support from IT specialists, HR and physical security specialists, legal aspects, etc.)

bottom of page