Outsourcing of the Data Protection Officer (DPO)

As part of DPO outsourcing, we provide our clients with the assistance of a dedicated Data Protection Officer, who comprehensively takes care of the security of personal data processing and its compliance with the applicable legal regulations. Thus, we take responsibility for the compliance of the company's operations with the GDPR and other regulations regarding the protection of personal data, thereby freeing the company from the necessity to employ and train its own DPO and to systematically monitor the changing regulations on personal data protection.

The first step for our cooperation with clients is to adjust the scope of services provided to their requirements and needs in terms of personal data protection.

Outsourcing of the DPO / RODO Outsourcing – scope of the service

• Providing the care of a dedicated Data Protection Officer
• Ensuring the compliance of processes with the regulations on personal data protection (GDPR and Polish acts implementing the GDPR regulations) and other national and international regulations on personal data protection
• Systematic monitoring of changes in the area of personal data protection
• Developing solutions enabling the lawful processing of personal data in the case of specific client needs, e.g. in a situation of:
  • remote working
  • the necessity of taking body temperature measurements, breathalyser tests, drug tests
  • data transfer outside the EEA
  • industry-specific activities
• Arrangement of personal data flows in a company
• Regular audits of the entire organisation and of selected areas that require special attention
• Developing information security policy (including personal data) and other documents related to individual client needs
• Ongoing management of contracts of personal data entrustment, rights and enquiries from individuals and requests from public institutions and other entities
• Drafting of information clauses, content of approvals and GDPR requirements for IT systems
• Conducting a Data Privacy Impact Assessment
• Keeping a register of processing activities, register of categories of processing activities
• Assistance in the cooperation with data protection supervisory authorities
• Trainings in the area of personal data protection, both in the form of e-learning, in traditional form or in the form of video conferences
• Ongoing advisory on personal data protection

Apart from the full DPO Outsourcing, we also offer assistance of the Data Protection Officer.

Obligation to appoint the Data Protection Officer

Under the GDPR, there is an obligation to appoint the Data Protection Officer for specific groups of entities processing personal data:

• public authorities or bodies,
• entities in which the core activities of the controller or the processor consist of processing operations which, by their nature, their scope or their purposes, require regular, large scale and systematic monitoring of individuals,
• entities in which the core activities of the controller or processor consist of large-scale processing of specific categories of personal data or of personal data relating to criminal convictions and offences.

Who can be a DPO?

Under the GDPR, the person acting as a Data Protection Officer should have appropriate professional qualifications, in particular knowledge about data protection laws and practices:

• knowledge of domestic, European and sectoral data protection laws and practices
• detailed knowledge of the GDPR
• knowledge of the processing, IT systems and security features used by the administrator
• knowledge of the sector in which the controller operates
• knowledge of administrative procedures and operation of the entity