× Close

Subsidies

Tax security

ESG

Succession consulting

Audit of personal data protection system

Contact

Damian Chudzik

junior partner, attorney-at-law

Scope of the audit

  • Determination of a functioning model of the personal data protection system
  • Identification and assessment of personal data processing
  • Inspection of individual departments in terms of personal data protection
  • Verification of the existing documentation on personal data protection in terms of its compliance with the provisions on personal data protection
  • Identification of data transfer processes/examination of the necessity to conclude the personal data entrustment agreements
  • Establishment of the controller – processor relationship within the identified data processing
  • Verification of the legal basis for data processing
  • Verification of the correctness of consent clauses of data subjects to the personal data processing
  • Verification of the information obligation fulfillment
  • Verification of the exercise of the rights of data subjects/existence of the procedure
  • Verification of the register of processing activities and processing activity categories
  • Verification of the correctness, purpose, adequacy, time-limited personal data processing
  • Verification of personal data processing based on entrustment agreements
  • Verification of the rights to data processing (authorizations for employees)
  • Verification of the risk management procedure
  • Establishment of the obligation to assess the effects of processing
  • Verification of physical, technical and IT safeguards
  • Development/update of personal data processing documentation