Law and Internet Foundation drafts compliance measures based on general information on the processing of personal data provided by the consulted organization. It should be -taken into consideration that, when preparing the records, the need for further action and compliance measures could be identified, as for the purpose of preparing these records an original audit of all processes will be carried out which will provide additional systematic and detailed information about the processing of personal data within a given organization.

The compliance measures include:

  • Preparing records of processing activities under Art. 30 GDPR;
  • Drawing a data protection policy;
  • Drafting a model non-disclosure agreement for employees that meets the needs of the organization;
  • Drafting a model contract /annex to a contract for settling relations with persons processing personal data on an assignment;
  • Drafting a model contract /annex to a contract for settling relations with persons with which data are exchanged and which process these data on their own and for their own purposes;
  • Preparing a notice board in connection with the implementation of the video surveillance activities;
  • Revising/Drafting of internal rules for the processing of personal data and for the technical and organizational measures for the protection of personal data (Instructions);
  • Consultation and drafting of a brief statement on the need to appoint a Data Protection Officer.