GDPR Compliance is a legal advisory service offered by the law firm “Alina Szilaghi”. Law Office “Alina Szilaghi” was formed in 2005 and specializes in intellectual property, personal data protection, information technology and human rights, both from the perspective of private law and civil law. Within the company, lawyers undergoing European certification of competencies in the application of the GDPR are working.
GDPR is an acronym of the European Union Personnel Data Protection Regulation in force in May 25, 2018.
The Regulation introduces for the first time in Romanian law a series of rights of the person, in line with a series of obligations of legal persons that operate or process personal data. Personal data is any data that can be used to identify a person, including name, CNP, or address. Some data about a person, such as his / her health status, criminal antecedence, belonging to a disadvantaged group, etc. are considered sensitive data and enjoy increased protection.
The new obligations imposed by the Regulation will affect all persons who perform operations with such data, but especially those that operate sensitive data (medical clinics, pharmacies, school institutions, notaries and lawyers, etc.) or those operating with such data business data (recruitment companies, online stores, etc.).
These obligations are extremely restrictive, as the fines imposed by the new Regulation in the case of non-compliance with established obligations are up to 10% of the income of the legal person.
What needs to be done since 25 May 2018 depends on the nature of the business, the type of collection data, the way that data is used and operated. There is no universal answer to this question. Some legal entities will be required to designate a person for the role of Data Protection Officer (DPO), others not having such an obligation. For some operations with personal data, the prior consent of the person concerned is required, for others not. Consequently, the first thing to do is an audit of the scope of the Regulation on how to collect, archive or use personal data, followed by taking the necessary action. Some of these activities and measures will generate costs, but reduced compared to the applicable fines.
Attorney’s office “Alina Szilaghi” offers you first of all an audit of your company’s activity to determine exactly the obligations you have to respect. Subsequently, the Law Office “Alina Szilaghi” offers you specialized advice for the preparation of the following documents:
2. Terms and Conditions
3. Confidentiality Agreement
4. Data protection policy – Safety measures and risk management plan
5. Consent card
6. Register of complaints and complaints
7. Register of security breaches and remedies taken
8. IPA Impact Assessment Report
9. Notification of incidents to eliminate / mitigate the effects of the incident
10. Security breach notification
11. Register of requests
12. Third party register
13. Authority Notification
14. Notification of data held by the data subject
15. Personal training record
16. Audit Report
17. Contract with the DPO / job description
18. A record containing the data
19. Audit evidence document
To request an online legal consultation, please fill out the FORM