GDPR is a legislative obligation that is often perceived as burdensome and can even be viewed negatively in smaller companies. However, the current trend, especially in the area of information and cybersecurity incidents, puts this obligation in a completely different light and clearly highlights the essential need to protect personal data, whether it is your own, your family’s, friends’, employees’, etc. It is important to realize that the essence of personal data protection is not just about filling out mandatory documents and records, but about a securely configured technological environment, physical security, and people’s knowledge of how to handle personal data.
Our primary goal is to help set up security processes and technologies within the company, raise awareness about personal data protection—train employees to understand what GDPR means and the reasons behind its implementation—and only then process the documentation required by legislation. Only then does it all make sense.
It is important to recognize the interconnection between GDPR, information security management systems (ISMS), and the requirements of the Cybersecurity Act, where personal data is defined as an information asset and the standard or law defines requirements on how to secure it so that confidentiality, integrity, or availability is not compromised.
We provide the following GDPR-related services in accordance with legislation:
- Consultations
- Implementations
  - Basic documentation implementation
  - Detailed GDPR implementation on technical, procedural, and documentation levels
- Audits
- Provision of Data Protection Officer (DPO) services
More about legislative requirements can be found at the following links:
Slovak Republic
Act No. 18/2018 Coll. on Personal Data Protection and on Amendments to Certain Acts
Czech Republic
Act No. 110/2019 Coll. on the Processing of Personal Data
EU Legislation