We advise clients operating in a wide range of sectors on all data protection and cyber security matters, including by offering support on compliance with the General Data Protection Regulation (GDPR).
Our advice on GDPR (as well as the national Romanian data protection legislation) includes the following key activities:
Identifying the current data protection compliance position by rendering a complex audit with regard to the client’s activity;
supporting clients in identifying and prioritizing the necessary risk mitigating measures to be implemented in order to achieve the highest possible degree of GDPR compliance;
drafting all necessary documentation and offering support throughout the process of implementing risk mitigation measures, including establishing policies, procedures and governance structures to manage GDPR requirements.
We advise clients in relation to:
privacy by design with regard to the creation/implementation of new technologies;
consent collection forms and tracking of consent;
processing personal data in the employment context;
data transfers within and outside the EU and EEA;
acquisition and sale of databases;
data loss practical advice as well as legal recommendations;
the creation, storage, security and exploitation of databases in line with applicable legislation;
remedial steps regarding the compliance of a database (for example tracking consent sources and storing consent proof, as well as implementing and synchronizing consent collection/withdrawal mechanisms with the client’s database).
drafting data use and privacy policies;
assisting the client’s DPO and facilitating the client’s relationship with the supervisory authority.