Data protection officer

(Art..32 GDPR)

Data Protection Officer (DPO) play a key role in your organization`s data protection governance structure. Persons authorized by us are highly qualified professionals with many years of experience with auditing informational systems and assessing risks. They are trained in both national and European law of data protection and its application in practice.
Try now free consulting

The responsible person is also obliged

to monitor compliance with the Regulation and the Law within and outside the EU

to propose consents to the processing of personal data for the persons concerned, if the data processing is not performed by the Controller on another legal basis pursuant to Article 6 para. 1 of the Regulation

perform risk analysis of information systems from the point of view of information security

develop technical, organizational and personnel measures

participate in inspections carried out by the Office

supervise the cross-border flow of personal data

assess the impacts on information systems

in cases stipulated by the Regulation and / or the Act, to report the personal data breach to the Office and, if necessary, to the persons concerned, without delay, as soon as they become aware of such a breach, but no later than within 72 hours

f) propose instructions for authorized persons and the scope of permitted activities for a specific system

examine incident reports and respond to suggestions from those concerned

perform customer audits at intermediaries

perform other tasks of the responsible person stipulated by the Regulation, the Act and / or this Contract

The Data Protection Officer also oversees the correct and continuous fulfilment of the operator's basic obligations, ensures the instruction of authorised persons, deals with requests from the concerned persons about their rights, comprehensively provides safety measures and their updates, oversees the selection of providers and "monitors" the relationship with the provider even during the contractual relationship, oversees cross-border flow of personal data and addresses the personal data information system registrations agenda.
Take advantage of the possibility of external performance of the data protection officer function. Group Undertaking („Group Undertaking“ any holding company together with its subsidiary) can designate one data protection officer if it is easily accessible from each establishment

Our services


Data Protection
Impact Assessment

(Art.35 GDPR)

Data Protection Impact (DPIA) is required for systematic personal data processing, which is based on automated data processing, processing of specific categories of personal data in large quantities and systematic monitoring publicly accessible places in large scale.


Development of Data
Processing Agreements

(Art.28 GDPR)

Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.

Other services

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.

We will provide:
  • cooperation in case of handling an incident and proposing adequate measures
  • processing a notice of personal data breach for the Office for Personal Data Protection
  • processing a notice of personal data breach for data subjects
  • cooperation with the Office for Personal Data Protection

We will design:
  • internal procedures that provide general principles and responses to a violation of privacy (data breach)
Personal data processing shall be judged in relation to its purpose. Proportionality tests are needed to be done in case the processing is based on legitimate interests (within the meaning of article 6 section 1, letter f, which controls the controller or the third party).

This does not apply to the processing conducted by the public authorities carrying out their responsibilities.

In accordance with the required provisions of GDPR and valid law we will:
  • asses the legitimacy of the legal basis for the processing of personal data
  • perform proportionality tests, which will assess the suitability, necessity and the adequacy of processing of personal data with respect to the compliance with the data subject’s fundamental rights and freedoms
This applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

The representative shall be mandated by the controller or processor to be addressed in addition to or instead of the controller or the processor by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with this Regulation.
Controllers and processors can, in the field of data protection, create certification mechanisms for the purpose of demonstrating compliance with Regulation of processing operations.

Certification is possible after completion of required criteria approved by a competent surveillance authority.

Our professional consultants will provide you with all the needed information regarding certification of your products and services. They will guide you through the whole preparation process to the successful certification.
Personal data can be processed only in the manner established by the GDPR regulation or by the valid law, so the fundamental rights and freedoms of a data subjects are not violated. Most importantly their right to dignity and the right to privacy.

Within our activities we offer the following services:
  1. In case you process personal data of natural persons
    1. Consultancy in the field of personal data protection.
    2. Cooperation in case of a control by Surveillance Authority.
    3. Representing before the Surveillance Authority.
    4. Consultancy in case of a cross-border transfer of personal data.
    5. Consultancy in case of a transfer of personal data to third countries..
    6. Elaboration of a consent to the processing of personal data.
    7. Elaboration of contract between the controller and the processor.
    8. Elaboration of general rules of personal data protection for e-shops, web portals, club memberships (Club cards), etc.
    9. Elaboration of internal Binding Corporate Rules.
    10. Elaboration of contractual clauses.
    11. Elaboration of Code of Conduct.
  2. In case you are a natural person
    1. Filing an application for the protection of personal data.
    2. Filing a Call for Input.
    3. Filing of remedies.
Clients in EU
Data protection officer
We are in countries

Cross-border processing

Do you process personal data in more than one EU Member State?

Need help with applying GDPR Regulation?

Group Of Undertakings

A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.

V prípade záujmu nás neváhajte kontaktovať

Customer audits

Potrebujete preveriť či váš sprostredkovateľ spracúva osobné údaje v súlade so zmluvou a GDPR nariadením? Vieme vám zabezpečiť takýto zákaznícky audit takmer v každej krajine EÚ.

V prípade záujmu nás neváhajte kontaktovať