Data economy. Data strategy. Cyberattack. Data continuity. Big Data. AI. Internet of Things. Privacy by Design. Data governance. Corporate governance. Business continuity. Innovation. Connectivity. Sharing. Digitisation.
These terms, which are intertwined in the field of data protection from cyber security to GDPR, are closely related and their successful integration brings new opportunities.
We are prepared to develop them together with you and help you navigate the increasingly complex maze of regulatory rules. We can guide you through NIS2, DORA and GDPR regulations.
We will help you protect against risks and enable you to work consciously with those risks that are necessary. We can be available to you immediately should any problem arise. Whether you sell goods, provide services, operate in logistics, develop new drugs, merge with a company with a key data business, implement new technologies, or have no idea yet where research will take you in the next few years, we are here for you.
Our experts have experience across a wide range of business sectors and, as your business partners, understand business relationships and your business.
Partners who know how to listen and help further develop your business.
The new EU Directive on Cybersecurity (NIS2) brings about significant changes in the provision of cybersecurity and will also affect companies that have not had to comply with any obligations so far. According to initial estimates, this may include up to 7,000 entities in the Czech Republic.
Do the planned changes also affect you? And can you gain something extra? Find out more on our blog.
The following areas have been our long-term focus:
- Building a standard and deliberate Privacy by Design approach to the protection of personal data and data in general within the organisation for risk management with clear rules and responsibilities
- Comprehensive, systematic, interconnected and consistently practical implementation of technical and organisational measures that support the business and comply with mandatory requirements
- Legal assistance with the implementation of ISO/IEC standards
- Audit of information security and compliance with statutory requirements and applicable ISO/IEC standards
- In-depth monitoring of employee and contractor compliance with GDPR and cybersecurity principles
- Training of a company’s management and its employees
- Dealing with Data Loss Prevention issues in the case of employees and preventing information and data leakage, BYOD and Shadow IT issues
- Testing the rules in practice (penetration tests, mystery shopping, simulated supervisory authority inspections, i.e. dawn raids) and linking the results with the training strategy
- Defining controller-processor relationships or joint control in various forms of vertical or horizontal cooperation, contractual arrangements for commercial use of personal data
- Regulation of contractual relations with IT suppliers concerning security and liability
- Preventive preparation and assistance in the event of incidents threatening data security, subsequent mitigation of adverse impacts, combination with available insurance products
- Representation in administrative proceedings before supervisory authorities (labour inspectorates, the Office for Personal Data Protection, National Cyber and Information Security Agency) and courts
- Data transfers and storage outside of the EU, dealing with risks relating to specific jurisdictions
- M&A transaction support – from addressing risks associated with data sharing between the parties during the transaction to assessing data/processing quality in the target company in terms of risks and their benefit to the buyer
- Supporting in-house Data Protection Officers (DPOs) or outsourcing this function as a service
- Linking the specific requirements of Czech/Slovak law with any technology platform for compliance support used by your organisation on a global level, the possibility of outsourcing the management of such tools
The most common risks with which we have extensive experience:
- Defining supplier-customer relationships with regard to cyber security
- Cloud solutions, including data processing outside the EU
- Revising internal guidelines and related training
- Working with data in the healthcare and research sectors
- CCTV systems and other monitoring tools using biometric technology, NFC, BLE
- Loyalty programmes, customer behavioural analyses, cookies, direct marketing & remarketing, retargeting
We also share our knowledge in the professional literature, at specialist workshops or industry discussion panels, and on our blog.
All this in cooperation with technical partners and forensic experts who will be able to help you with all non-legal aspects of data security.