Personal Data Protection Project
Basically, there is no standard company, which wouldn’t processed personal data. What we have to do with them in compliance with law depends on their scale and manner.
Obligations are relevant for Controller as a subject determining the purpose of personal data processing and for Processor and Subprocessor as subjects processing personal data in the name of Controller. There is many obligations followed by the legislation, e.g. the manner and the form of personal data agreement gaining, their correct processing and destruction, personal data protection official registration, security project development, professional training of the personal data protection, etc.
All needed obligations had to be solved individually and covered by security project. Its basic structure is defined in the act on protection of personal data:
security intent – define security project area
security analysis – detailed information system security analysis
security directives – includes concrete technical, organizational and personal measures needed for threads and risk elimination or minimization.
By security project creation, legislation requirements are fulfilled and personal data will be adequately protected. In specific situation, a creation of security directives as a part of security project may be enough.
The fulfilled legislation requirement is indisputable an advantage of individual security project development. DCIT consultants are using their experiences in personal data protection area and in more complex information security. If appropriate, it’s possible to widen formal security analysis with services from technical security area.
We also provide personal data security training.
Act No. 122/2013 Coll. on Protection of Personal Data
ISO / IEC 27002
ISO / IEC 13335
If you are interested in more details please contact us.