Our role in the provision of services is also developing a full set of security-related documentation tailor-made for each client containing all the information required in accordance with the Regulation of the European Parliament and the EU Council 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the Act No. 18/2018 Z. z. on Personal Data Protection and on Amendments to Certain Acts. An all-inclusive and high-quality documentation requires:
1) An analysis of the state of protection of personal data and identification of all operations of personal data, which is the basis for correct setting of processes to ensure compliance with GDPR. Based on a thorough analysis we will know how to:
2) Preparation of all necessary documents to ensure compliance with GDPR defining all processes for handling personal data and processes designed to ensure the security of personal data. The documentation shall include the following:
With our own professional team, we will provide you with the all-inclusive service of a data protection officer who is fully qualified to perform this role under the conditions laid down in Article 37 of GDPR. Under the Regulation, controllers are required to mandate a data protection officer. However, controllers who do not meet such conditions may decide to designate a data protection officer.
The data protection officer will help controllers constantly monitor the compliance of the procedures in the handling of personal data in their organisation. This service includes the performance of all legal obligations as imposed on the data protection officer by GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. We have extended the DPO service to include inspection activities and regular supervision of personal data protection. Put simply, we can say that the data protection officer ensures regular monitoring of the compliance of the processing of personal data.
This service includes a process set up to achieve our client's compliance with the GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. Thanks to the steps below the processes and matters of personal data protection in your company will be provided in a simpler and easier way:
1) An analysis of the state of personal data protection and identification of all operations concerning personal data.
Such an analysis of the state of personal data protection with respect to GDPR is essential in order for processes to be set correctly. Based on a thorough analysis we will be able to:
2) Developing a full set of all necessary documents to ensure compliance with GDPR.
After the initial analysis, it is necessary to prepare all documents and forms defining all flows of personal data and processes designed to ensure the protection of personal data. The documentation shall include the following:
3) Implementing GDPR, which we consider one of the most important activities in the provision of our services. We will help you put the analysis and all the documents into practice. Setting up the protection of personal data is not just writing down the steps on paper, but mainly configuring the personal data protection system by adopting certain security measures within the framework of:
4) Regular care, advice, consulting.
Personal data protection spans a broad range of issues and advances constantly. Regular advice from the data protection officer will relieve you of the burden of watching for new guidelines and revisions of laws. Your assigned data protection officer will monitor all changes in the area of personal data protection, prepare the necessary forms accordingly, and keep you informed about current events in the area of personal data protection. The data protection officer will also perform periodic inspections and training activities in your organisation at agreed intervals to prevent any potential errors in the processing of personal data.
If you decide to expand your portfolio of services, with a data protection officer you can be sure that any new processing of personal data will be compliant with the current legislation.
Information security is a solution for securing information systems, information and access to data. The information security management system evolves with the culture, processes, technologies and requirements of your company / organization. The ISO / IEC 27000 standards are recognized in this area and help ensure that your information security policy is appropriate. In the field of information security, a systemic approach is applied, which consists in setting work standards in the field of information security management and in eliminating internal and external risks when working with data. As part of its activities, our company offers services in the field of information security, which cover 3 areas:
The goal of information security is to protect the integrity of all data from accidental or intentional actions by employees or external parties. A modern approach to information security is based on mapping the relevant information processes (transfer, storage, use, disposal), taking into account the human factor and related business risks. Proper risk assessment, measurement and monitoring can be difficult. Information security risk analysis consists of identifying these risks, quantifying them, monitoring them over time to detect changes, analyzing these data to identify security vulnerabilities, and drawing conclusions that allow informed decisions to be made. There are many frameworks that can help companies perform information security risk analysis.
Security is a process and a journey. Information security risk analysis is part of this journey. It helps the organization identify the various control mechanisms it could put in place to suppress or mitigate specific risks. These controls may include administrative, technical, operational and physical security measures.
As hackers track vulnerabilities and new viruses and malicious code exploit them, there is a growing need to develop a comprehensive data security policy. The essence of data security policy is to clearly articulate the problems. The company's information security policy is an official set of documents that define the rules and guidelines that employees follow when protecting data and ensuring information security. Information security policy is a standards-based handbook with procedures for protecting the confidentiality, integrity and availability of electronic information and communication systems. These measures need to be translated into practice, whether in the area of object security, personnel security or the implementation of IT solutions.
Implementing IT solutions is a process that usually involves installing and configuring hardware and software for a specific application. Implementation can be technically demanding and can take several months. It's not as easy as buying a laptop and then connecting it to the operator's network. Designing network segmentation that meets the needs of individual businesses requires skill. Therefore, it is important to choose a partner with specialized professionals who have many years of experience with enterprise applications, hardware, software and security issues.
With our service, you get an information security system that meets the standards of the ISO / IEC 27000 series and protects your business from loss and theft by ensuring the protection of all data, whether yours or the data of your customers.
Besides other services, our company provides services in the field of information security. For more information, please contact us at email@example.com.
We offer a full range of services for obtaining industrial security certificates (clearance of the National Security Authority) for business entities (legal and natural persons) in accordance with the Act No. 215/2004 Z. z. on Protection of Classified Information, as amended.
The service is provided to entrepreneurs who are required to obtain a certificate of industrial security at the appropriate security classification level, in accordance with the Act No. 215/2004 Z. z. on Protection of Classified Information, as amended, and the National Security Authority Decree No. 301/2013 Z. z. if they plan to:
The analysis, the recommendations and the basic documents needed for the security clearance include:
Processing of Special Documents
Nowadays, when most data is in digital form, cybersecurity is an integral part of data protection.
Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act. An operator of an essential service is anyone who meets at least one sector-specific criterion and one impact criterion.
As a company specialised in security services we can give you a helping hand and provide you with:
1) Analysis of sector-specific criteria and impact criteria – by means of a detailed analysis we will evaluate compliance with sector-specific and impact criteria to determine the potential impact a cybersecurity incident could have in an information system or a network. The result is a document helping you determine whether you are to be on the list of essential service operators.
2) Analysis of cybersecurity – if the analysis of sector-specific criteria and impact criteria proves that you have a legal obligation to be included in the list of operators of essential services, it is necessary to carry out an analysis of cybersecurity under the Act No. 69/2018 Z. z. and the National Security Authority Decree No. 362/2018 Z. z.
3) Proposed cybersecurity measures – based on the analysis of cybersecurity we can prepare tailor-made proposals for security measures (security documentation) in accordance with the National Security Authority Decree no. 362/2018, laying down the Content of Security Measures, the Content and Structure of Security Documentation and The Scope of General Security Measures.
4) Implementation of measures in the field of cyber security – we also implement the draft measures, from secure access management, through data control and protection against misuse, theft or other inappropriate handling of your company's data, to the protection of applications that clients regularly use in their work.
5) Professional personnel training – our experts can give your employees information on social engineering and cybersecurity. The training courses are held in direct interaction with the client and with regard to the general public.
6) Advice and consultation – provided by our team of experts from the relevant fields. If necessary, we can represent you in proceedings before the National Security Authority.
For purposes of organising cyber security, we can provide a service of designating a cybersecurity manager who:
Our company provides its clients with expert advice and consultation in the field of personal data protection under the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and pursuant to the Act No. 18/2018 on Personal Data Protection and on Amendments to Certain Acts.
The topic of personal data protection concerns not only GDPR and the Act on Personal Data Protection. When setting up processes, one needs to follow the national legislation, too. Since we work closely with law firm Hronček & Partners s. r. o., we can provide a highly professional approach in this area through a team of experts from the relevant fields.
If necessary, we can arrange representation in proceedings before the Office for Personal Data Protection. Each of our clients has the option to arrange a specific time with us during which we will be fully available to cover any questions and requirements. Our advisory activity is aimed at a detailed explanation of data protection issues and the implementation of GDPR as needed by the client.
Professional training in the field of protecting personal data and classified information takes place in workshops with the possibility of interactive discussions, addressing specific issues relevant for companies or individuals. Professional training courses are held with a minimum attendance of 5 people. Training is provided at the premises of the company, in direct interaction with the client. We can also organise training courses in other adequate training rooms as necessary.
By working closely with law firm Hronček & Partners, s. r. o. that provides legal advice in assessing the lawfulness of personal data processing and has extensive experience in dealing with data protection under the previous legislation, under the new GDPR rules and the Act No. 18/2018 Z. z. on Personal Data Protection, we are able to provide the following services:
We monitor the guidelines of the Office for Personal Data Protection on a continuous basis in order to adjust the processes set up by clients to the existing practice in the Slovak Republic.
Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act, by carrying out a cybersecurity audit. The audit must be carried out within a period of two years from the date an essential service operator is included in the register of operators of essential services.
For the purposes of organising cybersecurity, the principle of designating a cybersecurity manager is applied who, under the National Security Authority Decree No. 362/2018 Z. z. Laying down the Content of Security Measures, the Content and Structure of Security Documentation and The Scope of General Security Measures:
1) may submit proposals and report the information in the field of cybersecurity directly to the statutory body of the operator of essential services,
2) ensures the application of security measures in the cybersecurity management system,
3) is independent of the operation management and development of information technology services, and
4) meets the knowledge standards for the position of a cybersecurity manager according to a specific legal regulation.
A designated cybersecurity manager must be a person who is able to give evidence of his or her professional qualification and whose security role includes responsibility for organising the cybersecurity management system.
The cybersecurity manager is a professional management element in cybersecurity of the operator of an essential service who needs to know the internal environment of the organisation and the assets of the essential service operator.
Our company can provide a cybersecurity manager service. Our offer includes the full service of a cybersecurity manager who is an expert in the field of information and communication technologies and is qualified to carry out his or her tasks in accordance with the special regulation issued by the Office. If you are interested and want more information, please contact us at our e-mail address firstname.lastname@example.org.