Jarosław Kamiński

Attorney at law (Poland)
Associate Partner
Phone: +48 22 244 00 27

For whom Personal data protection audit?

Our advice on personal data protection is addressed to all enterprises because all of them process data of employees, business partners or contractors. The matter is particularly significant in the context of the EU General Data Protection Regulation (GDPR) which is going to impose new requirements as regards procedures and documentation of data processing from 25 May 2018. Failures to observe the regulation may entail legal consequences for business growth and stability of its market position. Fines may reach up to 20 million euro or 4% of the annual global turnover in the previous year, whichever is greater.

What are the benefits of personal data protection audit?

Rödl & Partner supports enterprises in adapting their procedures and documentation to the requirements of the Polish data protection laws, and in the future – to the GDPR standards. We also help implement legal procedures in companies which do not have a formalised data protection policy. Rödl & Partner experts ensure formal correctness of implementation of the new procedures in consideration of the legal and business implications. At the client’s request Rödl & Partner can also appoint an Information Security Administrator (ISA) responsible for the client’s interest. The ISA supervises legal security of the data processing in a company, represents it in the case of an inspection by the Inspector General for the Protection of Personal Data (GIODO) and supports the enterprise in day-to-day issues related to personal data processing. Once the GDRP enters into force, the function of the ISA will be replaced with an in-house Data Protection Officer – Rödl & Partner specialists will provide support in this regard, too.

What sets us apart?

Rödl & Partner offers comprehensive assistance in regulating personal data protection in companies. Our audits do not boil down to reviewing the existing practices and formulating audit reports, but we also implement the recommended solutions so that the data processing procedures meet the requirements of current and future regulations. With six locations in Poland and over 100 offices around the world we are able to offer effective services to the most demanding clients. Rödl & Partner experts boast vast knowledge and experience in personal data protection. They deliver training dedicated to small enterprises, as well as corporations. Rödl & Partner also offers assistance of a dedicated consultant who can function as well as an ISA (ISA outsourcing) or as a Data Protection Officer once the GDPR comes into force. That person is always on the lookout for solutions to help enterprises meet the data protection requirements easier. 

Personal data protection audit description

Among other things Rödl & Partner can:

  • audit personal data protection in enterprises;
  • deliver a report on audit findings, including recommendations and description of risks in case of any irregularities;
  • prepare in-house regulations on personal data protection, including personal data protection policy, a manual of IT system used for data processing and documentation of authorisations to process personal data;
  • adapt the company practices to the GDPR requirements;
  • function as the Information Security Administrator (ISA) / Data Protection Officer who oversees the implementation/change procedure;
  • register and update data sets with the Inspector General for the Protection of Personal Data;
  • represent enterprises in dealings with the Inspector General for the Protection of Personal Data;
  • train employees who have access to personal data.