Data and personal data security

Service Description

Big Data. AI. Data economy. Data strategy. Cyber threat. Cyberattack. Internet of Things. Innovation. Connectivity. Sharing. Privacy by Design. Computerisation. Data governance. Corporate governance. Business continuity.

These terms, which intersect in areas such as cybersecurity, GDPR and data, are closely related, and their successful integration brings new opportunities for the 21st century.

We are fully prepared to work with you to develop these new opportunities and help you navigate the increasingly complex maze of regulatory rules. We will help you protect yourself from risks and enable you to work consciously with the risks that are necessary. We can be available to you immediately should any problem arise. Whether you sell goods, provide services, operate in logistics, develop new drugs, merge with a company with a key data business, implement new technologies, or have no idea yet where research will take you in the next few years, we are here for you. Our experts are experienced in a wide range of business sectors and, as your business partners, understand business relationships and your business. Partners who know how to listen and help further develop your business.

The following areas have been our long-term focus:

  • Building a standard and deliberate Privacy by Design approach to the protection of personal data and data in general within the organisation for risk management with clear rules and responsibilities
  • Comprehensive, systematic, interconnected and consistently practical implementation of technical and organisational measures that support the business and comply with mandatory requirements
  • In-depth monitoring of employee and contractor compliance with GDPR and cybersecurity principles
  • Audit of information security and compliance with statutory requirements and applicable ISO/IEC standards
  • Dealing with Data Loss Prevention issues in the case of employees and preventing information and data leakage, BYOD and Shadow IT issues
  • Testing the rules in practice (penetration tests, mystery shopping, simulation of a supervisory authority inspection - dawn raid) and linking the results with the training strategy
  • Documentation support both in terms of internal compliance (balance sheet tests, DPIA, archiving rules, guidelines) and externally in respect of customers (notifications, consents)
  • Defining controller-processor relationships or joint control in various forms of vertical or horizontal cooperation, contractual arrangements for commercial use of personal data
  • Regulation of contractual relations with IT suppliers concerning data security and liability
  • Preventive preparation and assistance in the event of incidents threatening data security, subsequent mitigation of adverse impacts, combination with available insurance products
  • Representation in administrative proceedings before supervisory authorities (labour inspectorates, the Office for Personal Data Protection, National Cyber and Information Security Agency) and courts
  • Data transfers outside of the EU, dealing with risks relating to specific jurisdictions
  • M&A transaction support – from addressing risks associated with data sharing between the parties during the transaction to assessing data/processing quality in the target company in terms of risks and their benefit to the buyer
  • Supporting in-house Data Protection Officers (DPOs) or outsourcing this function as a service
  • Linking the specific requirements of Czech/Slovak law with any technology platform for compliance support used by your organisation on a global level, the possibility of outsourcing the management of such tools

The most common types of risky processing with which we have extensive experience:

  • CCTV systems and other monitoring tools using biometric technology, NFC, BLE
  • Cloud solutions, including data processing outside the EU
  • Personal data processing in the healthcare and research sectors
  • Loyalty programmes, customer behavioural analyses, cookies, direct marketing & remarketing, retargeting

We also share our knowledge in the professional literature, at specialist workshops or industry discussion panels, and on our blog.

Authors: Robert Nešpůrek, Pavel Amler, Tomáš Chmelka

In recent years, European lawmakers have been attempting to respond to the current technological situation in society through various legislative packages, and thus the emerging cryptocurrency boom cannot have escaped them either. It was merely a matter of time before the declared draft regulations and directives get their final tuning […]

Authors: Robert Nešpůrek, Richard Otevřel

Last summer, we informed you that the new Standard Contractual Clauses (“SCCs”) adopted by the European Commission in June 2021 were to be taken into account for the exchange of personal data with non-European foreign countries; a transition period of a year and a half seemed sufficient even for complex […]

The protection of personal data under the General Data Protection Regulation (“GDPR”) in the field of clinical trials is an extensively discussed topic, even more so in the absence of a specific statutory provision, or at least a relevant methodology in this respect. The Czech State Institute for Drug Control (“SUKL”) has recently issued a GDPR-related […]



Copyright © 2023 HAVEL & PARTNERS s.r.o., advokátní kancelář