Personal data protection (GDPR)

Everyone who processes personal data of customers, employees or trading partners must comply with the rules set out in the European data protection regulation (GDPR). All the more so if you entrust a third party with the processing of personal data – typically by saving personal data in a third party platform, using external accountants or providers of IT, HR or occupational health and safety services.

We will analyze your processes of personal data processing, and prepare necessary internal documentation and agreements with contractors.
We will take care that your employee monitoring complies with statutory standards.

If there is a data breach, we will help you to fulfil your duties to the authorities, and to minimize impacts on your business.

What we prepare for our clients most often

  • Data processing agreements
  • Informative documents (Privacy Policy)
  • Internal guidelines (according to ISO 27001 standards)
  • Setting and operation of camera systems
  • Records of processing activities
  • Balancing tests
  • Data breach handling

And what can we help you with?
Write to us.

I'm sending..
You confirm that you have read the information on the processing of personal data

+420 776 725 597


barta.legal s.r.o., advokátní kancelář
Kaprova 42/14
Praha 1, 110 00

@bartalegal

your team

Your case
will be handled by

JUDr. Jan Bárta

JUDr. Jan Bárta

Mgr. Kamila Francová

Mgr. Kamila Francová

Frequently asked questions
in the field of GDPR and personal data protection

What is actually the GDPR? We solved it completely in 2018, after all.

The term GDPR is commonly used to mean legal regulation of personal data protection. If you have employees or non-anonymous customers, or administer data for your clients, GDPR applies to you. GDPR constitutes a process and necessitates continuous monitoring whether you work with personal data in compliance with GDPR. Your business has certainly changed since 2018, and it is necessary to reflect all the changes in the documentation.

Why do we actually do this, what is GDPR for?

The purpose of GDPR is to prevent unlawful processing of personal data, address the risks related to data security, and make it possible for natural persons to exercise their rights guaranteed by GDPR. So the basis of GDPR is establishing internal data security, contractual rules for data transfers to third parties, and providing sufficient information to natural persons as to how you process their personal data.

So what documentation do we need?

The basis is to identify the internal processes during which data are processed. Having experience in this process, we do not draw up extensive analyses. Instead, we jointly go through your business and get all the necessary data. This results in preparing a data processing agreement, information about data processing (privacy policy) for clients and employees, internal guidelines, records of processing activities, balance tests, and other documents.

With whom do we have to make a data processing agreement?

If you transfer data to someone for the purpose of their processing, such party is often a processor with whom you must make a written data processing agreement. In most cases, such parties are accountants, IT contractors, freelancers – self-employed contractors, providers of occupational health and safety services, operators of camera systems, and many others.