Data and personal data security


Data security

Data economy. Data strategy. Cyberattack. Data continuity. Big Data. AI. Internet of Things. Privacy by Design. Data governance. Corporate governance. Business continuity. Innovation. Connectivity. Sharing. Digitisation.

These terms, which are intertwined in the field of data protection from cyber security to GDPR, are closely related and their successful integration brings new opportunities.

We are prepared to develop them together with you and help you navigate the increasingly complex maze of regulatory rules. We can guide you through NIS2, DORA and GDPR regulations.

We will help you protect against risks and enable you to consciously work with the risks that are necessary. We are immediately available to you should any problem arise. Whether you sell goods, provide services, operate in logistics, develop new drugs, merge with a company with a key data business, implement new technologies, or have no idea yet where research will take you in the next few years, we are here for you.

Our experts have experience across a wide range of business sectors and understand business relationships and your business the way business partners do.

Partners who know how to listen and help further develop your business.

The new EU Directive on Cybersecurity (NIS2) brings about significant changes in the provision of cybersecurity and will also affect companies that have not had to comply with any obligations so far. According to initial estimates, this may include up to 7,000 entities in the Czech Republic.

Do the planned changes also affect you? And can you gain something extra? Find out more on our blog here.

The following areas have been our long-term focus:

  • Building a standard and deliberate Privacy by Design approach to the protection of personal data and data in general within the organisation for risk management with clear rules and responsibilities
  • Comprehensive, systematic, interconnected and consistently practical implementation of technical and organisational measures that support the business and comply with mandatory requirements
  • Legal assistance with the implementation of ISO/IEC standards
  • Audit of information security and compliance with statutory requirements and applicable ISO/IEC standards
  • In-depth monitoring of employee and contractor compliance with GDPR and cybersecurity principles
  • Training of a company’s management and its employees
  • Dealing with Data Loss Prevention issues in the case of employees and preventing information and data leakage, BYOD and Shadow IT issues
  • Testing the rules in practice (penetration tests, mystery shopping, simulation of a supervisory authority inspection - dawn raid) and linking the results with the training strategy
  • Defining controller-processor relationships or joint control in various forms of vertical or horizontal cooperation, contractual arrangements for commercial use of personal data
  • Regulation of contractual relations with IT suppliers concerning security and liability
  • Preventive preparation and assistance in the event of incidents threatening data security, subsequent mitigation of adverse impacts, combination with available insurance products
  • Representation in administrative proceedings before supervisory authorities (labour inspectorates, the Office for Personal Data Protection, National Cyber and Information Security Agency) and courts
  • Data transfers and storage outside of the EU, dealing with risks relating to specific jurisdictions
  • M&A transaction support – from addressing risks associated with data sharing between the parties during the transaction to assessing data/processing quality in the target company in terms of risks and their benefit to the buyer
  • Supporting in-house Data Protection Officers (DPOs) or outsourcing this function as a service
  • Linking the specific requirements of Czech/Slovak law with any technology platform for compliance support used by your organisation on a global level, the possibility of outsourcing the management of such tools

The most common risks with which we have extensive experience:

  • Defining supplier-customer relationships with regard to cyber security
  • Cloud solutions, including data processing outside the EU
  • Revising internal guidelines and related training
  • Working with data in the healthcare and research sectors
  • CCTV systems and other monitoring tools using biometric technology, NFC, BLE
  • Loyalty programmes, customer behavioural analyses, cookies, direct marketing & remarketing, retargeting

We also share our knowledge in the professional literature, at specialist workshops or industry discussion panels, and on our blog.

All this in cooperation with technical partners and forensic experts who will be able to help you with all non-legal aspects of data security.

Authors: Robert Nešpůrek, Pavel Amler, Tomáš Chmelka
In recent years, European lawmakers have been attempting to respond to the current technological situation in the society through various legislative packages, and thus the emerging cryptocurrency boom cannot have escaped them either. It was merely a matter of time before the declared draft regulations and directives get their final tuning […]

Authors: Robert Nešpůrek, Richard Otevřel
Last summer, we informed you that the new Standard Contractual Clauses (“SCCs”) adopted by the European Commission in June 2021 were to be taken into account for the exchange of personal data with non-European foreign countries; a transition period of a year and a half seemed sufficient even for complex […]

The protection of personal data under the General Data Protection Regulation (“GDPR”) in the field of clinical trials is an extensively-discussed topic, even more so in the absence of a specific statutory provision, or at least a relevant methodology in this respect. The Czech State Institute for Drug Control (“SUKL”) has recently issued a GDPR-related […]

Copyright © 2024 HAVEL & PARTNERS s.r.o., advokátní kancelář