
Comprehensive privacy and data protection services

As part of our comprehensive services for the protection of personal data, covering the processing of personal data and the free transfer of such data, we offer the following:

1. Protection documentation according to Act no. 122/2013 Coll. on Personal Data Protection effective until 25 May 2018, which includes:

  • analysis of the current state of processing of personal data,
  • analysis of the information systems used by the operator,
  • analysis of the operator's obligations in the cross-border transmission of personal data,
  • preparation of the protection project, including the analysis of the protection of information systems,
  • development of protection measures for the management and handling of personal data in the form of protection directives,
  • preparation of the necessary record lists,
  • preparation of proposed notifications for information systems subject to notification or individual registration at the Office for Personal Data Protection of the Slovak Republic (ÚOOÚ),
  • preparation of contracts with intermediaries,
  • elaboration of instructions for authorized persons.

2. Services under Act no. 18/2018 Coll. on the Protection of Personal Data and Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Transfer of such Data (GDPR), effective from 25 May 2018, which include:

  • assessment of the current status of the processing of personal data and its compliance with the GDPR,
  • analysis of the information systems used by the operator,
  • definition of the operator's obligations in exercising the rights of the data subject,
  • assessment of the impact on the protection of personal data,
  • preparation of the necessary documentation (records of processing activities, processing of personal data, notification of a protection incident, preparation of contracts with intermediaries ...).

3. Performing the role of the external entity in charge and carrying out the training of authorized entities, which includes:

  • providing professional counselling and consultations on the protection of personal data and GDPR,
  • providing information and advice to the operator or mediator and the staff who process personal data about their obligations under the law, special regulations or international treaties binding on the Slovak Republic regarding the protection of personal data,
  • monitoring the compliance of the processing of personal data with laws and regulations, including awareness raising and training for persons involved in processing operations, and related privacy audits,
  • collaboration with the Office for the Protection of Personal Data in SR (ÚOOÚ SR).

 

GDPR

On 25 May 2018, the GDPR and the OOÚ Act will become effective, i.e. from this date it is necessary to follow the new legislation: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free transfer of such data, repealing Directive 95/46/EC (hereinafter "GDPR"), and Act no. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain laws (hereinafter the "Act on OOÚ"), which repeals Act no. 122/2013 Coll. on the protection of personal data and harmonises the Slovak legal framework with the Regulation (GDPR).

Necessary steps:

  • update the documentation (records of processing activities, consent to processing of personal data, contracts with the intermediary, notification of protection incidents),
  • if the type of planned data processing could lead to a high risk for the rights of individuals, it is necessary to assess the impact on the protection of personal data, which includes –
    • description and determination of the purpose for the processing operations,
    • an assessment of the necessity and appropriateness of the processing operations in relation to the purpose,
    • risk assessment of the rights of the person concerned, and
    • the adoption of risk elimination measures, including guarantees and protection measures and systems to ensure the protection of personal data,
  • adopt and document new recommended protection measures, e.g. encryption, pseudonymization, personal data anonymization, and the like,
  • determine the rules for fulfilling the so-called notification obligation: if the operator violates the privacy policy, for example, by unauthorized disclosure of personal data or by an unauthorized person, the operator is required to notify the Data Protection Office of SR (ÚOOÚ) within 72 hours of having learned of it,
  • lay down internal rules for the exercise of the rights of the persons concerned, for example –
    • the right to adjust incorrect personal data,
    • the right to deletion of personal data (the right to be forgotten),
    • the right to limit the processing of personal data,
    • the right to data transfer to another operator,
    • the right to challenge automated individual decision-making and profiling,
  • identify the authorised person, if
    • the processing of personal data is carried out by a public authority or by a public body (all public authorities, state authorities, municipalities, schools and public bodies providing public services ...),
    • the main activities of the operator or intermediary are processing operations which, due to their nature, scope or purpose, require regular and systematic monitoring of the person concerned to a large extent (banking institutions and insurance companies, e-shops, security services, companies that regularly and systematically monitor persons to a large extent, process customer data through, for example, camera systems in shopping centers, applications that evaluate client behavior on the Internet for targeted advertising, profiling, etc.); or,
    • the main activities of an operator or an intermediary are the processing of large categories of personal data or the processing of personal data relating to the recognition of guilt for committing a large-scale offense or violation (medical facilities and firms whose main activity is the extensive processing of biometric data, genetic data, racial or ethnic origin, data on political opinions, data on health or sexual life).

The Personal Data Protection Office (ÚOOÚ) may impose a fine of up to EUR 20 million or, in the case of an enterprise, up to 4% of its total annual turnover on an entity that has, for example, failed to observe or infringed one of the basic principles of processing personal data, or violated some of the rights of the person concerned.
