PERSONAL DATA PROTECTION
We specialize in crafting, evaluating and facilitating strategies related to the use of personal data by commercial entities. Our focus extends to cross-border processing of personal data and the unique requirements of specific industries (such as consumer goods sales, banking, crowdfunding platforms, online sales, and telecommunication services).
Our team of attorneys provides comprehensive legal assistance in the following areas:
- thorough audits to ensure compliance with the General Data Protection Regulation (GDPR), assistance in implementing measures to align with the GDPR, Digital Services Act (DSA), and the Digital Operational Resilience Act (DORA). Our goal is to prepare clients for evaluations by relevant regulatory bodies;
- ongoing legal guidance on data processing matters. Whether it is for continuous marketing campaigns or one-off initiatives, our tailored advice covers banks, crowdfunding platforms, television broadcasters, online sellers, and other service providers;
- review and creation of wide range of documents. These include external materials like privacy policies, informational clauses, cookie policies, and data processing agreements. Internally, we assess records of processing activities and data protection policies, ensuring compliance with internal company policies;
- conducting risk assessments, including Data Protection Impact Assessments (DPIA) and Legitimate Interest Assessments (LIA) to evaluate risks associated with data processing;
- analysis of both legal and technological aspects of personal data protection, providing comprehensive insights;
- developing educational programs for client personnel, enhancing their understanding of GDPR requirements and best practices;
- formulating, negotiating, and executing intricate plans related to the circulation of personal data. This includes joint data controllership arrangements, both domestically and internationally;
- responding to incidents. When personal data security breaches occur, we assess their impact, communicate with affected individuals, and report incidents to the President of the Personal Data Protection Office;
- crafting strategies to efficiently handle inquiries from data subjects, including response protocols and individual request replies;
- analysis and documentation of data flow processes within corporate entities, revising policies and agreements as needed;
- investigating data transfers to non-European Economic Area nations, performing risk assessments, and devising strategies to legitimize such transfers through legal frameworks and additional protective measures;
- advising on personal data processing within cloud computing environments;
- representing clients in proceedings before the President of the Personal Data Protection Office and administrative judiciary bodies.