Outsourced Data Protection Officer
The EU data protection regulation reshaped the role already known in Hungarian legislation as the Internal Data Protection Officer and placed greater emphasis on fulfilling it. Under the regulation, the Data Protection Officer cannot accept orders from anybody, cannot be laid off and cannot be sanctioned. The Data Protection Officer can be held accountable only directly by the board of directors of the data controller or processor.
For many organizations, an internal colleague cannot guarantee complete independence and the required technical knowledge; Article 37 of the regulation therefore allows the Data Protection Officer to fulfill the position under a service agreement. Our company has gained significant experience in fulfilling the DPO role on an outsourced basis.
Conducting privacy compliance audits
The first step in preparing for compliance with the EU data protection regulation is to measure the organization’s maturity level and find where adjustments are necessary. For this purpose, our company provides assistance in mapping all relevant data processing, separated by goals, and in defining the legal bases of those goals. Following this, we conduct a “gap analysis” of all of the above processing activities based on a checklist prepared in advance.
We help you avoid getting lost in the details and instead identify the high-risk areas and prepare the action plan accordingly.
Preparation for privacy audits
In accordance with the GDPR, security incidents must be reported to the authorities within 72 hours of the organization becoming aware of them, unless the incident is unlikely to pose any risk to the rights and freedoms of legal persons.
Our company can assist in developing internal processes for responding effectively to incidents, as well as in detecting the traces left behind by incidents (conducting forensic investigations). Our ethical hacker team has years of experience in investigating incidents related to data leakage, data theft and hacking, in identifying system vulnerabilities, and in preventing future incidents. Based on the tests, we can advise on whether reporting is necessary, help prepare the incident report and communicate it through the appropriate channels.