GDPR Compliance: Consulting, auditing and implementing of personal data protection | Law&Trust International

In the era of globalization, the issue of the protection of personal data of individuals, users of online platforms, applications and games is paid particularly close attention from both the executive bodies and the users themselves.

Failure to comply with the procedure for interaction and protection of personal data entails the imposition of strict liability, as well as the prohibition or blocking of activities in the territory of the country whose legislation has been violated.

With the entry into force on May 25, 2018, of the new regulation of the European Union called GENERAL DATA PROTECTION REGULATION (GDPR), the requirements for processes of interaction with personal data were also tightened. These regulations have replaced outdated legislation, existing consolidated provisions and introduced new, higher standards for data processors. Now GDPR has an extraterritorial scope, which means spreading its influence to all international companies, websites, online platforms that in some way or other process personal data of users from the EU territory.

Besides, the regulations set severe fines of up to 20 million euros or 4% of the company's turnover, and its value is subject to the highest value. Thus, in early 2019, Google was held liable for insufficient information on the processing of personal data, data collection without consent, non-compliance with the requirements of GDPR. The fine for this company was 40 million euros. Moreover, this is not an isolated case.

Please note that your data processing processes should take into account the requirements of the legislation of each jurisdiction where data is collected, processed or stored.

Compliance with the legislation in the field of personal data protection is not a pure formality, but an in-depth study of all mechanisms for interacting with personal data. If you in any way process user data from the EU or more, provide services in the EU, the Law and Trust team will allow you to avoid many difficulties in the process of interaction with government agencies and with the users themselves. With us, the GDPR implementation procedure will be the most painless and as soon as possible.

GDPR Compliance Audit

The first step in bringing the project activities into compliance with the requirements of the legislation on the protection of personal data is an audit. During a comprehensive audit of the company, the site and the application, Law and Trust experts analyze the compliance of the GDIS product (data protection impact assessment), such as personal data collected, available data protection methods, data handling mechanisms. If you comply with the legislation on the protection of personal data that is in force before the entry into force of the regulation, this will significantly bring you closer to meeting the requirements of the new regulation.

Alignment with GDPR

When there is a clear idea of ​​the current state of affairs in the company, the leading lawyers of Law and Trust develop an individual plan for the Client to bring the project to conformity with the GDPR.

In addition to explaining to the team of your project the essence and meaning of the requirements, our specialists customize business processes taking into account the observance of human rights and critical elements of the GDPR.

Documenting Data Processing Rules (Terms of Use, Privacy Policy, Cookie Policy)

Legally competently written documents are not the only, but one of the essential elements of bringing the company into compliance with the new requirements.

Specialists of our company will prepare for your game, website and software a complete package of accompanying documentation that will fix the order of user interaction with your services, determine its rights and obligations.

Consent to personal data flow

Getting approval to data processing is a starting point that allows you to start collecting and processing personal data legally. Permission must be obtained in an additional order for each purpose of collecting personal data. Besides, it is necessary to document the fact of obtaining user consent.

Competent connection on the online platform of understandable and straightforward consent for processing is the key to a secure and robust relationship with the user.

The introduction of Cookie Banner

Cookies are often introduced to ensure reliable and convenient operation of the site, provide advertising to users and optimize processes. The use of cookies requires the user to be warned about the impact on his device and the personal data collected. For these purposes serves as a banner Cookies.

Based on our experience, the most common misconception of the Client is the opinion that it is enough to show the user a small inconspicuous window that is easy to close and not notice. The critical requirement of the regulation is openness. You should be as open as possible to your user and give him the right to choose.

Appointment of a Personal Data Protection Specialist (DPO)

Based on the results of the audit of your project, our specialists may conclude that it is necessary to appoint a personal data protection inspector (DATA PROTECTION OFFICER, DPO). The presence of such a specialist ensures prompt response to changing legislation, allows you to maintain an adequate level of personal data protection. However, such a specialist is required only in individual cases of data processing.

Responsible selection of a DPO specialist that meets your requirements and goals will allow you to maintain compliance with the legislation on the protection of personal data throughout the life of the company.

Access to personal data for minors

Do not forget about the special relationship to the data collected from persons under the age of majority. To be able to collect data from persons under the age of 16 or any other legal age, the consent of his parents will be required.

In practice, entrepreneurs faced the following problem: the implemented systems for obtaining consent do not guarantee that consent to the processing of personal data was purchased directly from the parent or legal representative of the child. To confirm kinship or other legal rights, a sufficiently large package of documents is required, and if there are a lot of potential users of minors, this becomes a real problem.

To address this situation, Law and Trust propose developing a scheme for interacting with these minors based on the needs of each Client.

Aligning activities with local personal data protection requirements

In addition to the GDPR, which has an extraterritorial effect, each jurisdiction has its legislation regarding the process of interaction with personal data. Based on the analysis of the scope of your activity, the specialists of our company reveal the range of jurisdiction and its compliance with legal norms.

Having offices in key jurisdictions around the world, our lawyers promptly register controllers and personal data operators, which allows us to record the data being processed correctly.

Ensuring the transparency of data processing and the confidentiality of the stored information about users allows our customers to stand out against many competitors in the market and avoid severe penalties.

Why Law & Trust International?

Law and Trust International and its specialists will help you and your company correctly draw up a program document on work with personal data of clients. Using the rules of European legislation, you can not only protect the personal data of each user but also be able to comply with all the laws and regulations of the GDPR.

Our team

Key benefits of legal services offered by Law and Trust International

Benefits of legal services-1
Experience and qualifications. The experience of the L&T International team is more than 15 years. It gives the opportunity for working with cases in many business areas like finance, IT, agriculture, trade and foreign economic activity. Thanks to this experience, our specialists always offer the best selection of services.
Benefits of legal services-2
Comprehensive approach and individual solutions. Law and Trust International always provides a vast range of services for our clients, taking into account the individual characteristics of each particular case. Due to this symbiosis, our specialists always fulfil all the wishes of clients in full and taking into account the requests and preferences of customers.
Benefits of legal services-3
Monitoring and innovation.Our team keeps tracking the newest and most advanced working methods, as well as the latest legislative, financial and economic information events around the world. It allows lawyers of Law and Trust International to quickly and creatively resolve virtually any issues in the field of legal consulting.
Benefits of legal services-4
Privacy and responsibility. The security of our customers' data and respond to them are particularly important in the work of Law and Trust International. For all the time of work, we have not had a single leak of commercial, personal or legal information. It allows us to develop, grow and achieve new opportunities.
Benefits of legal services-5
Reputation and result. A team of lawyers of Law and Trust International always welcomes the success of our clients. Reaching new results, we develop new skills that we successfully use in our work. Thanks to successful cases, our clients and our team, we are creating qualitatively new opportunities to achieve the desired result now.