Have questions?
If you have questions about the offer, please call our helpline, Mon.-Fri., 9-17, tel.: 22 487 86 70 or +48 724 570 436
RBDO Customer Service Office
Legis Profile Sp. z o.o.
ul. Kopalniana 22a/7
Promotion valid until: 2019-12-31
The subject of the order is the service of performing the function of Data Protection Officer (or DPO Adviser) in a company or organisational unit by a GDPR expert with legal education, for a monthly flat fee starting from 299 PLN + 23% VAT (or the VAT-exempt rate for organisational units).
Additionally, the price includes an audit and implementation of GDPR procedures plus e-training for staff. The service ensures optimal implementation of the required personal data protection elements in the company and ongoing support from the Data Protection Officer.
Complete GDPR documentation with risk assessment procedure - 149 PLN - (39 USD)
BUY NOW! NOVELTY! An international package of the EU GDPR procedures that meet the highest standards of the guidelines of the EU Commission on the GDPR, the Article 29 Working Party (as of 25 May 2018 transformed into the European Data Protection Board), the standards of the European Union Agency for Network and Information Security (ENISA), PN-ISO/IEC 27005, PN-ISO/IEC 27002 and the European supervisory bodies!
Now for only 39 USD you can get a ready-to-use package of the GDPR procedures for your company (below you can view a list of the GDPR Package elements and the international bibliography).
The biggest worldwide corporations use our procedures!
If you already have an outline of the GDPR documentation at your company – order our package to compare the individual elements!
View a list of the GDPR Package elements here:
The documents, saved as PDF and DOC files, will be made available at https://dpos.eu.com/download as a set comprising the following:
Personal Data Security Policy
Appendix No. 1 – Model information resources inventory control
Appendix No. 2 – Model records of the concluded processing agreements
Appendix No. 3 – Model records of the processing activities
Appendix No. 3a – Model records of all the categories of processing activities
Appendix No. 4 – Model list of the processing area
Appendix No. 5 – Model balancing test
Appendix No. 6 – Model IT resources inventory control
Appendix No. 7 – Risk assessment methodology (General risk assessment)
Appendix No. 7a – Table I scenarios for traditional documents
Appendix No. 7b – Table II scenarios for traditional documents
Appendix No. 7c – Table III scenarios for electronic documents
Appendix No. 7d – Table IV scenarios for electronic documents
Appendix No. 7e – Model risk assessment report for traditional documents
Appendix No. 7f – Model risk assessment report for electronic documents
Appendix No. 8 – Information clause generation tool
Appendix No. 9 – Model document containing an abstract from the basic rules of personal data security and breach reporting
Appendix No. 10 – Model statement for authorised individuals
Appendix No. 11 – Model processing authorisation
Appendix No. 11a – Model records of the individuals holding processing authorisation
Appendix No. 12 – Model authorisation for the data protection plenipotentiary
Appendix No. 12a – Model authorisation for the ITSA (IT System Administrator)
Appendix No. 12b – Model authorisation for the data protection officer
Appendix No. 13 – General template of a processing agreement
Appendix No. 14 – Breach procedure
Appendix No. 14a – Breach report template
Appendix No. 14b – Model records of infringement
Appendix No. 15 – Monitoring and verification
RBDO documentation bibliography:
1. Statement on the role of a risk-based approach in data protection legal frameworks adopted on 30 May 2014 WP 218 (Position of the Article 29 Working Party)
2. Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 Adopted on 4 April 2017 As last Revised and Adopted on 4 October 2017 WP 248 rev.01 (Guidelines of the Article 29 Working Party)
3. Guidelines on Personal data breach notification under Regulation 2016/679 Adopted on 3 October 2017 WP 250 (Guidelines of the Article 29 Working Party)
4. Recommendations for a methodology of the assessment of severity of personal data breaches (ENISA) December 20, 2013
5. Privacy Impact Assessment (PIA) 1 : methodology French Data Protection Authority (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
6. Privacy Impact Assessment (PIA) 2 : template French Data Protection Authority (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
7. Privacy Impact Assessment (PIA) 3 : knowledge bases French Data Protection Authority (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
8. Privacy Impact Assessment (PIA) : application to connected objects French Data Protection Authority (CNIL) February 2018 edition (Guidelines of the French supervisory authority)
9. How to understand risk-based approach? GDPR Guide Risk-based approach. Part 1 GIODO December 2017 (Guidelines of the Polish supervisory authority)
10. How to apply risk-based approach? GDPR Guide Risk-based approach. Part 2 GIODO December 2017 (Guidelines of the Polish supervisory authority)
11. PN-ISO/IEC 27005:2014-01 IT Technique -- Security Techniques -- Risk management in information security
12. PN-ISO/IEC 27002:2014-12 IT Technique -- Security Techniques -- Practical information security rules (PN-EN ISO/IEC 27002:2017-06)
Entrepreneur! Have you heard of the GDPR? It is not only applicable to companies within the EU. If you process the personal data of EU citizens, you are automatically subject to the European personal data protection law.
- Do you have a company outside the territory of the European Economic Area (EEA) and do business with persons located within the EU? YOU ARE SUBJECT TO THE GDPR!
- Do you have a company outside the EEA and a subsidiary company in the territory of the EU which provides you with the data of its employees or customers? YOU ARE SUBJECT TO THE GDPR!
See how simple it is to adhere to the new European law on personal data protection for only 99 EUR.
Article 3 of the GDPR
1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
EU GDPR DOCUMENTATION PACKAGE 2018
A complete set of data processing documentation in accordance with the GDPR for the undertakings operating in the EU and other entities.
The GDPR is also applicable to companies seated outside the EU if their business consists in offering commodities or services to the people located in the territory of the EU – pursuant to point (a) of Article 3(2) of the GDPR.
This is a comprehensive package of documents aimed at the implementation of new EU data protection procedures related to the adoption of the GDPR – in particular risk assessment methodology, classification of data security infringements, performance of information obligations and keeping records of personal data processing activities.
Complete EU GDPR documentation and procedures
All the elements of the GDPR documentation are based on the guidelines of the Article 29 Working Party (transformed into the European Data Protection Board as of 25 May 2018), ENISA recommendations and (to a limited extent) ISO standards and recommendations and guidelines of the European supervisory bodies responsible for the protection of personal data.
- By buying the EU GDPR Package you can implement the prepared procedures within one entity.
A DETAILED DESCRIPTION OF THE ELEMENTS CONSTITUTING THE EU GDPR 2019
1. DATA SECURITY POLICY COMPLIANT WITH THE EU GDPR 2019 – CHAPTERS
I. INVENTORY CONTROL OF INFORMATION RESOURCES
II. INVENTORY CONTROL OF IT RESOURCES
III. RISK ASSESSMENT AND SELECTION OF SAFEGUARDS
IV. IMPLEMENTATION OF INFORMATION REQUIREMENTS
V. READINESS TO FULFIL THE RIGHTS OF DATA SUBJECTS
VI. GRANTING AUTHORISATION TO PROCESS PERSONAL DATA
VII. PERSONAL DATA PROCESSING OUTSOURCING
VIII. PERSONAL DATA BREACH
IX. MONITORING AND VERIFICATION
THE DUTIES RELATED TO THE PERSONAL DATA PROTECTION PROVISIONS
WHICH ELEMENTS OF THE GDPR IMPLEMENTATION MUST BE COMPLETED?
1. Perform INVENTORY CONTROL of information and IT resources of the entity in all the sections – based on the information collected, perform a RISK ASSESSMENT, fill in a RECORD OF PROCESSING ACTIVITIES, define LEGAL BASES AND execute INFORMATION REQUIREMENTS.
2. Perform a risk assessment with regard to information resources and, based on this, decide on the selection of specific safeguards – both in respect of IT and physical security.
3. Adopt an infringement procedure and keep official records of infringements as of 25 May 2018 consisting in the documentation of infringements or reporting them to the supervisory authority within 72 h – no records of infringements.
4. Analyse the need for a data protection officer (DPO) appointment – applicable to all the public entities and to the private entities if their main business activity consists in regular and systematic monitoring of natural persons on a large scale, and in the case of sensitive data, in order to determine the need for a DPO appointment, it is sufficient that the criterion of the main activity consisting in data processing on a large scale is met.
5. Update personal data processing outsourcing agreements with the entities to which data is delivered pursuant to the new GDPR procedures which require control of the entity to which data is outsourced.
6. Apply the relevant legal basis and data processing clauses, and perform the information requirement compliant with the legal requirements of the GDPR and accompanying laws.
7. Data protection training and awareness – the persons authorised to perform personal data processing must be made familiar with the adopted procedures and must undertake to comply with them.
8. Monitoring and verification of the adopted procedures – non-compliance with the adopted procedures may constitute intentional guilt which, if a fine is imposed on the entity, may eventually lead to financial recourse against the persons responsible for negligence.
- Free delivery
- 0.00 PLN