Now for only 39 USD you can get a ready-to-use package of the GDPR procedures for your company (below You can View a list of the GDPR Package and international bibliography).

The biggest worldwide corporations use our procedures!

 

If you already have an outline of the GDPR documentation at your company – order our package to compare the individual elements!

View a list of the GDPR Package elements here:

The documents saved as PDF and DOC files will be made available at www https://dpos.eu.com/download  as a set comprising the following:

Personal Data Security Policy

Appendix No. 1 – Model information resources inventory control

Appendix No. 2 – Model records of the concluded processing agreements

Appendix No. 3 – Model records of the processing activities

Appendix No. 3a – Model records of all the categories of processing activities

Appendix No. 4 – Model list of the processing area

Appendix No. 5 – Model balancing test

Appendix No. 6 – Model IT resources inventory control

Appendix No. 7 – Risk assessment methodology (General risk assessment)

Appendix No. 7a – Table I scenarios for traditional documents

Appendix No. 7b – Table II scenarios for traditional documents

Appendix No. 7c – Table III scenarios for electronic documents

Appendix No. 7d – Table IV scenarios for electronic documents

Appendix No. 7e – Model risk assessment report for traditional documents

Appendix No. 7f – Model risk assessment report for electronic documents

Appendix No. 8 – Information clause generation tool

Appendix No. 9 – Model document containing an abstract from the basic rules of personal data security and breach reporting

Appendix No. 10 – Model statement for authorised individuals

Appendix No. 11 – Model processing authorisation

Appendix No. 11a – Model records of the individuals holding processing authorisation

Appendix No. 12 – Model authorisation for the data protection plenipotentiary

Appendix No. 12a – Model authorisation for the ITSA (IT System Administrator)

Appendix No. 12b – Model authorisation for the data protection officer

Appendix No. 13 – General template of a processing agreement

Appendix No. 14 – Breach procedure

Appendix No. 14a – Breach report template

Appendix No. 14b – Model records of infringement

Appendix No. 15 – Monitoring and verification

RBDO documentation bibliography:
 
1.    Statement on the role of a risk-based approach in data protection legal frameworks adopted on 30 May 2014 WP 218 (Position of the Article 29 Working Party)
2.    Guidelines on Data Protection Impact Assessment (DPIA) and determining whether  processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 Adopted on 4 April 2017 As last Revised and Adopted on 4 October 2017 WP 248 rev.01(Guidelines of the Article 29 Working Party)
3.    Guidelines on Personal data breach notification under Regulation 2016/679 Adopted on 3 October 2017 WP 250 (Guidelines of the Article 29 Working Party)
4.    Recommendations for a methodology of the assessment of severity of personal data breaches (ENISA) December 20, 2013
5.    Privacy Impact Assessment (PIA) 1 : methodologyFrench Data Protection Authority (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
6.    Privacy Impact Assessment (PIA) 2 : template French Data Protection Authority (CNIL) February 2018  edition (Guidelines of the French supervisory authority)
7.    Privacy Impact Assessment (PIA) 3 : knowledge bases French Data Protection Authority (CNIL) February 2018 edition  (Guidelines of the French supervisory authority)
8.    Privacy Impact Assessment (PIA) : application to connected objects French Data Protection Authority  (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
9.    How to understand risk-based approach? GDPR Guide Risk-based approach. Part 1 GIODO December 2017 (Guidelines of the Polish supervisory authority)
10.    How to apply risk-based approach? GDPR Guide Risk-based approach. Part 2 GIODO December 2017 (Guidelines of the Polish supervisory authority)
11.    PN-ISO/IEC 27005:2014-01 IT Technique -- Security Techniques -- Risk management in information security
12.    PN-ISO/IEC 27002:2014-12 IT Technique -- Security Techniques -- Practical information security rules (PN-EN ISO/IEC 27002:2017-06)

--

Entrepreneur! Have you heard of the GDPR? It is not only applicable to companies within the EU. If you process the personal data of EU citizens, you are automatically subject to the European personal data protection law. 

- Do you have a company outside the territory of the European Economic Area (EEA) and do business with persons located within the EU? YOU ARE SUBJECT TO THE GDPR!

- Do you have a company outside the EEA and a subsidiary company in the territory of the EU which provides you with the data of its employees or customers? YOU ARE SUBJECT TO THE GDPR!

See how simple it is to adhere to the new European law on personal data protection for only 99 EUR.

Article 3 of the GDPR

Territorial scope:

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.


----

Complete EU GDPR documentation and procedures
 

• All the elements of the GDPR documentation are based on the guidelines of the Article 29 Working Party (transformed into the European Data Protection Board as of 25 May 2018), ENISA recommendations and (to a limited extent) ISO standards and recommendations and guidelines of the European supervisory bodies responsible for the protection of personal data.
   
• By buying the EU GDPR Package you can implement the prepared procedures within one entity.

A DETAILED DESCRIPTION OF THE ELEMENTS CONSTITUTING THE EU GDPR 2019

1. DATA SECURITY POLICY COMPLIANT WITH THE EU GDPR 2019 – CHAPTERS

I. INVENTORY CONTROL OF INFORMATION RESOURCES

II. INVENTORY CONTROL OF IT RESOURCES

III. RISK ASSESSMENT AND SELECTION OF SAFEGUARDS

IV. IMPLEMENTATION OF INFORMATION REQUIREMENTS

V. READINESS TO FULFIL THE RIGHTS OF DATA SUBJECTS

VI. GRANTING AUTHORISATION TO PROCESS PERSONAL DATA

VII. PERSONAL DATA PROCESSING OUTSOURCING

VIII. PERSONAL DATA BREACH

IX. MONITORING AND VERIFICATION

--

THE DUTIES RELATED TO THE PERSONAL DATA PROTECTION PROVISIONS

WHICH ELEMENTS OF THE GDPR IMPLEMENTATION MUST BE COMPLETED? 

1.  Perform INVENTORY CONTROL of information and IT resources of the entity in all the sections – based on the information collected, perform a RISK ASSESSMENT, fill in a RECORD OF PROCESSING ACTIVITIES, define LEGAL BASES AND execute INFORMATION REQUIREMENTS.

2.  Perform a risk assessment with regard to information resources – and based on this decision on the selection of specific safeguards – both in respect of IT and physical security.

3. Adopt an infringement procedure and keep official records of infringements as of 25 May 2018 consisting in the documentation of infringements or reporting them to the supervisory authority within 72 h – no records of infringements.

4.  Analyse the need for a data protection officer (DPO) appointment – applicable to all the public entities and to the private entities if their main business activity consists in regular and systematic monitoring of natural persons on a large scale, and in the case of sensitive data, in order to determine the need for a DPO appointment, it is sufficient that the criterion of the main activity consisting in data processing on a large scale is met.

5. Update personal data processing outsourcing agreements with the entities to which data is delivered pursuant to the new GDPR procedures which require control of the entity to which data is outsourced.

6. Apply the relevant legal basis, data processing clauses and perfom the information requirementcompliant with the legal requirements of the GDPR and accompanying laws.

7. Data protection training and awareness – the persons authorised to perform personal data processing must be made familiar with the adopted procedures and must undertake to comply with them.

8. Monitoring and verification of the adopted procedures – non-compliance with the adopted procedures may constitute an intentional guilt which, if the entity is inflicted a fine, may eventually lead to a financial recourse to the persons responsible for negligence.

Bezpłatna dostawa

0.00 PLN

Aby dodać opinię musisz być zalogowany. Zaloguj się