Our role in the provision of services also includes developing a full set of security-related documentation tailor-made for each client, containing all the information required in accordance with the Regulation of the European Parliament and the EU Council 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and with the Act No. 18/2018 Z. z. on Personal Data Protection and on Amendments to Certain Acts. All-inclusive, high-quality documentation requires:
1) An analysis of the state of protection of personal data and identification of all operations of personal data, which is the basis for correct setting of processes to ensure compliance with GDPR. Based on a thorough analysis we will know how to:
2) Preparation of all necessary documents to ensure compliance with GDPR defining all processes for handling personal data and processes designed to ensure the security of personal data. The documentation shall include the following:
With our own professional team, we will provide you with the all-inclusive service of a data protection officer who is fully qualified to perform such a role under the conditions laid down in Article 37 of GDPR. Under the Regulation, controllers are required to mandate a data protection officer. However, controllers who do not meet such conditions may decide to designate a data protection officer.
The data protection officer will help controllers constantly monitor the compliance of the procedures in the handling of personal data in their organisation. This service includes the performance of all legal obligations as imposed on the data protection officer by GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. We have extended the DPO service to include inspection activities and regular supervision of personal data protection. Put simply, we can say that the data protection officer ensures regular monitoring of the compliance of the processing of personal data.
This service includes a process set up to achieve our client's compliance with the GDPR and the Act No. 18/2018 Z. z. on Personal Data Protection. Thanks to the steps below the processes and matters of personal data protection in your company will be provided in a simpler and easier way:
1) An analysis of the state of personal data protection and identification of all operations concerning personal data.
Such an analysis of the state of personal data protection with respect to GDPR is essential in order for processes to be set correctly. Based on a thorough analysis we will be able to:
2) Developing a full set of all necessary documents to ensure compliance with GDPR.
After the initial analysis, it is necessary to prepare all documents and forms defining all flows of personal data and processes designed to ensure the protection of personal data. The documentation shall include the following:
3) Implementing GDPR, which we consider one of the most important activities in the provision of our services. We will help you put the analysis and all the documents into practice. Setting up the protection of personal data is not just writing down the steps on paper, but mainly configuring the personal data protection system by adoption of certain security measures within the framework of:
4) Regular care, advice, consulting.
Personal data protection spans a broad range of issues and advances constantly. Regular advice from the data protection officer will relieve you of the burden of watching for new guidelines and revisions of laws. Your assigned data protection officer will monitor all changes in the area of personal data protection, prepare the necessary forms accordingly, and keep you informed about current events in the area of personal data protection. The data protection officer will also perform periodic inspections and training activities in your organisation at agreed intervals to prevent any potential errors in the processing of personal data.
If you decide to expand your portfolio of services, with a data protection officer you can be sure that any new processing of personal data will be compliant with the current legislation.
The security documentation concerning the protection of personal data includes a recommendation to our clients that their organisations appoint a security administrator.
A security administrator in matters of personal data protection ensures safeguarding of automated and non-automated systems in which there is a processing of personal data. The fundamental role of a security administrator is to oversee the processing of personal data contained in automated and non-automated information systems in terms of safety functions and approaches in compliance with all the requirements of the security policy and security guidelines. The focus of this person's activities will consist of managing and monitoring the system's security functions. Such activities will be defined and specified in the security guidelines of the information system, which will be part of the technical and organisational measures. The security administrator is also involved in the investigation of security incidents.
The security administrator must be familiar with every detail of operating systems (including their network features and security settings), computing and technical equipment, the communication subsystem, the topology of automated information systems, and applications that process personal data in the information systems. At the same time, the security administrator is required to know and respect the general principles of information system security and to comply with the principles of security of the processing of personal data.
Besides other services, our company provides a security administrator service, with the expertise and qualification to carry out the role. For more information, please contact us at firstname.lastname@example.org.
We offer a full range of services for obtaining industrial security certificates (clearance of the National Security Authority) for business entities (legal and natural persons) in accordance with the Act No. 215/2004 Z. z. on Protection of Classified Information, as amended.
The service is provided to entrepreneurs who are required to obtain a certificate of industrial security at the appropriate security classification level, in accordance with the Act No. 215/2004 Z. z. on Protection of Classified Information, as amended, and the National Security Authority Decree No. 301/2013 Z. z. if they plan to:
The analysis, the recommendations and the basic documents needed for the security clearance include:
Processing of Special Documents
Nowadays, when most data is in digital form, cybersecurity is an integral part of data protection.
Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act. An operator of an essential service is anyone who meets at least one sector-specific criterion and one impact criterion.
As a company specialised in security services we can give you a helping hand and provide you with:
1) Analysis of sector-specific criteria and impact criteria – by means of a detailed analysis we will evaluate compliance with sector-specific and impact criteria to determine the potential impact a cybersecurity incident could have in an information system or a network. The result is a document helping you determine whether you are to be on the list of essential service operators.
2) Analysis of cybersecurity – if the analysis of sector-specific criteria and impact criteria proves that you have a legal obligation to be included in the list of operators of essential services, it is necessary to carry out an analysis of cybersecurity under the Act No. 69/2018 Z. z. and the National Security Authority Decree No. 362/2018 Z. z.
3) Proposed cybersecurity measures – based on the analysis of cybersecurity we can prepare tailor-made proposals for security measures (security documentation) in accordance with the National Security Authority Decree no. 362/2018, laying down the Content of Security Measures, the Content and Structure of Security Documentation and The Scope of General Security Measures.
4) Professional personnel training – our experts can give your employees information on social engineering and cybersecurity. The training courses are held in direct interaction with the client and with regard to the general public.
5) Advice and consultation – provided by our team of experts from the relevant fields. If necessary, we can represent you in proceedings before the National Security Authority.
For purposes of organising cyber security, we can provide a service of designating a cybersecurity manager who:
Our company provides its clients with expert advice and consultation in the field of personal data protection under the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") and pursuant to the Act No. 18/2018 on Personal Data Protection and on Amendments to Certain Acts.
The topic of personal data protection concerns not only GDPR and the Act on Personal Data Protection. When setting up processes, one needs to follow the national legislation, too. Since we work closely with the law firm Hronček & Partners s. r. o., we can provide a highly professional approach in this area through a team of experts from the relevant fields.
If necessary, we can arrange representation in proceedings before the Office for Personal Data Protection. Each of our clients has the option to arrange a specific time with us during which we will be fully available to cover any questions and requirements. Our advisory activity is aimed at a detailed explanation of data protection issues and the implementation of GDPR as needed by the client.
Professional training in the field of protecting personal data and classified information takes place at a workshop with the possibility of interactive discussions, addressing specific issues relevant for companies or individuals. Professional training courses are held with a minimum attendance of 5 people. Training is provided at the premises of the company, in direct interaction with the client. We can also organise training courses in other adequate training rooms as necessary.
By working closely with the law firm Hronček & Partners, s. r. o., which provides legal advice in assessing the lawfulness of personal data processing and has extensive experience in dealing with data protection under the previous legislation, under the new GDPR rules and the Act No. 18/2018 Z. z. on Personal Data Protection, we are able to provide the following services:
We monitor the guidelines of the Office for Personal Data Protection on a continuous basis in order to adjust the processes set up by clients to the existing practice in the Slovak Republic.
Under the Act no. 69/2018 Coll. on Cybersecurity and on Amendments to Certain Acts, an operator of essential services is required to introduce security measures, and is also obliged to verify the effectiveness of the security measures and compliance with the requirements established by this Act, by carrying out a cybersecurity audit. The audit must be carried out within a period of two years from the date an essential service operator is included in the register of operators of essential services.
For the purposes of organising cybersecurity, the principle of designating a cybersecurity manager is applied who, under the National Security Authority Decree No. 362/2018 Z. z. Laying down the Content of Security Measures, the Content and Structure of Security Documentation and The Scope of General Security Measures:
1) may submit proposals and report the information in the field of cybersecurity directly to the statutory body of the operator of essential services,
2) ensures the application of security measures in the cybersecurity management system,
3) is independent of the operation management and development of information technology services, and
4) meets the knowledge standards for the position of a cybersecurity manager according to a specific legal regulation.
A designated cybersecurity manager must be a person who is able to give evidence of his or her professional qualification and whose security role includes responsibility for organising the cybersecurity management system.
The cybersecurity manager is a professional management element in cybersecurity of the operator of an essential service who needs to know the internal environment of the organisation and the assets of the essential service operator.
Our company can provide a cybersecurity manager service. Our offer includes a full service of a cybersecurity manager who is an expert in the field of information and communication technologies and is qualified to carry out his or her tasks in accordance with special regulation issued by the Office. Please contact us if you are interested and want more information, at our e-mail address email@example.com.