Наши специализации

Training Legal Assessment of Personal Data Processing Team

ABOUT THE PRACTICE

Stepanovski, Papakul & Partners. Legal Services LLC provides its clients with comprehensive support in the field of personal data protection within their organizations.

TRAINING

Today, the law requires all employees involved in personal data processing to undergo training. We not only know the legislation in detail and understand its nuances and complex aspects — including in practice — but have also prepared clear, structured, and concise information to tell you everything a company specialist needs to know today. Training program.

DOCUMENT PREPARATION

Determining the necessary and sufficient list of documents and drafting them correctly — based on the law, enforcement practice, and the unique characteristics of business processes — is a complex legal task with many variables. SP&P experts can help you navigate it.

LEGAL ASSESSMENT OF PERSONAL DATA PROCESSING IN THE ORGANIZATION

A legal assessment of how an organization processes personal data includes identifying violations and risks and preparing recommendations for their elimination. A legal audit helps prepare for scheduled inspections and prevents unscheduled ones, which can be triggered by any report to the supervisory authority. Note that one possible consequence is the temporary suspension of the company’s .operations.

Inspections conducted by the personal data regulator (NCPDP) have shown that most companies are not fully prepared to work with personal data:

• they do not understand the importance of this regulation and the high risks of non-compliance;
• they do not fully understand legal requirements and do not meet the regulator’s expectations;
• necessary documents have not been developed;
• personal data protection measures have not been implemented;
• there is no understanding of which business processes involve personal data;
• employees working with personal data have not received proper training or consider previous training sufficient without fulfilling other mandatory requirements.

Today, the trend is that the National Center for Personal Data Protection (NCPDP) is increasing its focus on supervisory activities. Each year, the number of inspections and the depth of reviewed issues are growing. Any signal to the supervisory authority — from citizens, other organizations, or government bodies — can trigger an inspection. Although fines are currently relatively small, the main business risk in case of serious violations is the suspension of the relevant information resource (system) (for example, a website that does not ensure proper personal data protection measures) until deficiencies are resolved.

Managers today should ask themselves several questions:

• Do you know what exactly your organization needs to comply with the law and avoid issues?
• Do you know all the points of contact with personal data within your company that must be regulated?
• Have your employees who handle personal data received the required training?
• Do you know the proper actions to take in the event of a personal data breach and during subsequent regulatory inspections?
• Are you certain you understand what the company needs to comply with the law and prevent personal data leaks?

If you have doubts, we recommend considering a legal assessment of personal data processing before an inspection arrives. This will allow you to build a proper personal data protection system in advance.

SP&P can conduct such a legal audit for you, identify problem areas, assist in preparing missing documentation, and train employees. This mini-audit will serve as a reliable starting point for managing personal data, interacting with the NCPDP, and preventing violations in this field.

The scope and cost of the legal assessment project are determined individually.

HEAD OF DIRECTION