Personal data and it sproper processing isa key part of the daily activities of every business, especially after the new General Data Protection Regulation (GDPR) framework has come into force and effect. Personal data and its proper administration and transfer are a key part of the daily activities of almost every business.To achieve and maintain regulatory compliance, you need to:
- Ensure that your organisation meets the new requirements
- Implement analysis of the personal data flows in the organisation and the legal basis for their processing
- Provide for adequate internal policies, rules and technical and organisational measures
- Structure in registers the data streams, categories of data subjects, type of processing and storage time
- Draft Data Processing Agreements (DPA) to enter in with your partners
- Present correct and complete information about the data you process to all categories of data subjects
- Check and ensure the compliance of your website or e-shop with the privacy and data protection rules
- Communicate effectively with the Commission for Personal Data Protection (CPDP)
- Operate data processing in accordance with the legal requirements
- Store personal data in line with the local regulatory framework and the technical and organisational measures required for storage
- Process data for specific purposes
- Provide access for the individuals whose personal data is stored to their information
- Provide guidance/internal rules in compliance with the rules on the protection of personal data
- Transfer of data in Europe and/or in America any third states in conformity with the new Privacy Shield rules
- Understand the possibility of processing and storing sensitive data, metadata, and transferring data through servers in different countries
- Implement personal data protection for your employees and customers, etc.
The PPG Lawyers team is available to take these commitments over from you and to fulfil them according to all applicable national and European legislation.
PPG Lawyers has extensive experience in consulting and collaborating with clients (both Bulgarian and foreign ones, operating in Bulgaria) in their capacity of data processors and or controllers which are, or under the law should be, personal data controllers. The detailed knowledge of the legal framework as well as the practice of CPDP and the other European regulators build our expertise. We offer our clients not only legal assistance and a practical approach to their obligations in the field of personal data protection, but also provide an effective liaison with the Bulgarian regulator to obtain opinions on specific and difficult to interpret problems.