Outsourcing of Data Protection Officer

As part of our services, we place at the Customer’s disposal a competent Data Protection Officer. Our consultant will carry out duties of Data Protection Officer on behalf of the Customer specified in legal regulations and will also provide invaluable help in terms of, inter alia, execution of contracts for entrusting personal data processing, handling complaints, formulating consent clauses for the processing of personal data, and contest rules.

Despite the amended Act on Personal Data Protection that came into force at the beginning of 2015, issues related to privacy protection still raise many doubts. In accordance with the current legal provisions, entrepreneurs who are Personal Data Controllers are no longer obliged to appoint Data Protection Officer, but in such a case they must comply with a number of obligations and assume financial liability for potential infringements. If no Data Protection Officer has been appointed, the Management Board shall: train employees, submit data filling systems to GIODO’s register, react to incidents, handle complaints, store documents, control security, and audit IT systems.

• You are released from the obligation of registering data filling systems (with the exception of sensitive data).
• You are released from the responsibility of supervision over the effectiveness of personal data protection system.
• Employees who process personal data are trained and aware od their duties.
• Reduced costs in relation to the cost of hiring a full-time qualified employee.

Outsourcing of Data Protection Officer in a pharmaceutical company

At the request of the Customer, a pharmaceutical company that processes large amounts of sensitive data, we fullfill the duties of Data Protection Officer on Customer’s behalf.
The main part of our service consists of audits, implementation security measures and maintaining the documentation of personal data protection system (policy, registres, procedures, etc.). We represent Customer in proceeding conducted by the Inspector General for Personal Data Protection (GIODO) concerning the registration of data filling systems, complaints, and questions raised in connection with Customer’s activity.
This service also includes consultancy with regard to the conclusion of contracts for entrusting personal data processing and providing training for emplyees in personal data protection. As a part of outsourcing service, the fulfilment of obligations by the Data Protection Officer requires also to conduct analyses and to issue opinions regarding new initiatives, and subsequently to prepare documents and procedures that are helpful to implement effective security measures.