GDPR Compliance: Consulting, auditing and implementing of personal data protection | Law&Trust International

In the era of globalization, the protection of the personal data of individuals, including users of online platforms, applications and games, receives particularly close attention from both executive bodies and users themselves.

Failure to comply with the rules for handling and protecting personal data entails strict liability, as well as the prohibition or blocking of activities in the territory of the country whose legislation has been violated.

With the entry into force on May 25, 2018, of the new European Union regulation called the General Data Protection Regulation (GDPR), the requirements for handling personal data were tightened. The regulation replaced outdated legislation, consolidated existing provisions and introduced new, higher standards for data processors. The GDPR has an extraterritorial scope, which means that it extends to all international companies, websites and online platforms that in one way or another process the personal data of users from the EU territory.

In addition, the regulation sets severe fines of up to 20 million euros or 4% of the company's turnover, whichever is higher. Thus, in early 2019, Google was held liable for insufficient information on the processing of personal data, data collection without consent and non-compliance with the requirements of the GDPR. The fine for this company was 40 million euros. Moreover, this is not an isolated case. Please note that your data processing should take into account the requirements of the legislation of each jurisdiction where data is collected, processed or stored.

Compliance with personal data protection legislation is not a pure formality, but requires an in-depth study of all mechanisms for interacting with personal data. If you in any way process user data from the EU or, moreover, provide services in the EU, the Law and Trust team will help you avoid many difficulties in dealing with government agencies and with the users themselves. With us, the GDPR implementation procedure will be as painless and as quick as possible.

GDPR Compliance Audit

The first step in bringing a project into compliance with the requirements of personal data protection legislation is an audit. During a comprehensive audit of the company, the site and the application, Law and Trust experts analyze the compliance of the GDIS product (data protection impact assessment), such as the personal data collected, the available data protection methods and the data handling mechanisms. If you already comply with the personal data protection legislation that was in force before the regulation took effect, this will bring you significantly closer to meeting the requirements of the new regulation.

Alignment with GDPR

  • Once there is a clear picture of the current state of affairs in the company, the leading lawyers of Law and Trust develop an individual plan for the Client to bring the project into conformity with the GDPR.

  • In addition to explaining the essence and meaning of the requirements to your project team, our specialists adapt business processes to respect human rights and the critical elements of the GDPR.

Documenting Data Processing Rules (Terms of Use, Privacy Policy, Cookie Policy)

  • Legally sound documents are not the only element of bringing the company into compliance with the new requirements, but they are one of the essential ones.

  • Specialists of our company will prepare for your game, website and software a complete package of accompanying documentation that sets out how users interact with your services and defines their rights and obligations.

Consent to personal data flow

  • Obtaining consent to data processing is the starting point that allows you to begin collecting and processing personal data legally. Consent must be obtained separately for each purpose of collecting personal data. In addition, the fact of obtaining user consent must be documented.

  • Properly integrating a clear and straightforward consent request into the online platform is the key to a secure and robust relationship with the user.

Introducing a Cookie Banner

  • Cookies are often used to ensure reliable and convenient operation of the site, to serve advertising to users and to optimize processes. The use of cookies requires that the user be warned about the impact on their device and about the personal data collected. A cookie banner serves this purpose.

  • Based on our experience, the most common misconception among Clients is that it is enough to show the user a small, inconspicuous window that is easy to close and overlook. The critical requirement of the regulation is openness. You should be as open as possible with your users and give them the right to choose.

Appointment of a Personal Data Protection Specialist (DPO)

  • Based on the results of the audit of your project, our specialists may conclude that it is necessary to appoint a personal data protection inspector (Data Protection Officer, DPO). The presence of such a specialist ensures a prompt response to changing legislation and allows you to maintain an adequate level of personal data protection. However, such a specialist is required only in certain cases of data processing.

  • Responsible selection of a DPO who meets your requirements and goals will allow you to maintain compliance with the legislation on the protection of personal data throughout the life of the company.

Access to personal data for minors

Do not forget about the special treatment of data collected from persons under the age of majority. To collect data from persons under the age of 16, or any other legal age, the consent of their parents is required.

In practice, entrepreneurs have faced the following problem: the implemented systems for obtaining consent do not guarantee that consent to the processing of personal data was obtained directly from the parent or legal representative of the child.

To confirm kinship or other legal rights, a sufficiently large package of documents is required, and if many of the potential users are minors, this becomes a real problem.

To address this situation, Law and Trust proposes developing a scheme for interacting with minors based on the needs of each Client.

Why Law & Trust International?

  • Law and Trust International and its specialists will help you and your company correctly draw up a program document on work with the personal data of clients.

  • Using the rules of European legislation, you can protect the personal data of each user.

  • You will be able to comply with all the laws and regulations of the GDPR.
