A set of services in the field of personal data protection and compliance with GDPR (General Data Protection Regulation).
The ability of companies to transmit and use information about customers and counterparties at a time of digitalization of the global and Russian economies and acceleration of business processes has become one of the key factors in business development.
The proper approach to handling data allows not only to systematize and structure business processes related to data analytics, but also to avoid excessive administrative burdens associated with the duplication of functions and rights of different company departments, as well as to avoid significant penalties for violations of personal data legislation.
The laws of different countries are increasingly imposing stricter requirements for data protection: in Russia, the Federal Law "On Personal Data" and in Europe, the EU General Data Protection Regulation (GDPR). For example, the Russian laws may impose fines of up to 18 million roubles, while the GDPR impose fines of up to 20 million euros or 4% of the global revenues of a group of companies.
Russian companies should bear in mind that compliance with domestic law does not automatically ensure compliance with GDPR, since many processes and requirements were first introduced by European law.
HOW WE CAN HELP
Our team can help you not only with personal data protection compliance in Russia, but also with cross-border data transfers to foreign partners, group parent companies.
Our services:
Assessment of the applicability of GDPR regulations
We will analyze the company's business processes, documents and technologies related to the processing of personal data for applicability to GDPR requirements.
Simplified verification of compliance with FZ-152 "On Personal Data" and/or GDPR
We will conduct a general analysis of the company's business processes, general documents and technologies related to the processing of personal data for compliance with legal requirements. As a result, we will provide you with a report on the deficiencies identified in the relevant categories of requirements.
Audit of personal data
In-depth analysis of business processes, activities, documents and procedures aimed at protection of personal data. We will assess personal data processing processes for compliance with Federal Law 152 and/or GDPR requirements, identify key GDPR-related risks, and prioritize them for the company. Based on the results of the assessment, we will develop recommendations to address the identified non-compliances.
Optimization of business processes related to personal data processing
We will identify ways to reduce the administrative burden and execution of business processes, based on the processes and technologies of personal data processing identified during the review, as well as taking into account the specifics of the company's business.
Support of personal data processing
We will provide consulting or subscriber support in the course of fulfillment of processing and protection of personal data. The service includes one-time or periodic checks on compliance with the Federal Law 152 and/or GDPR. In addition, we will help develop an internal audit plan for compliance.
Development of a roadmap to bring your personal data protection processes in line with GDPR
We will prepare a roadmap with the necessary level of detail, which will describe the further steps to bring the personal data processing into compliance with the requirements of the Federal Law-152 and / or GDPR. At your option, the roadmap may include an estimate of the timeline, the persons responsible, as well as the priority of the recommended activities.
Support in building/transforming business processes in accordance with the requirements of the Federal Law-152 and/or GDPR
We will help you both at the initial stage, and in the process of transforming business processes in accordance with the requirements of the Federal Law-152 and / or GDPR. We will organize awareness-raising activities for employees, develop internal documents and contracts with third parties, as well as help to implement changes in the technology of personal data processing.
A set of services can be formed to your individual order.
