1. Who are we?
GDPR Compliance is a legal advice service offered by the private law firm Chiriţă şi asociaţii, located in Cluj-Napoca. The law firm was set up in 2011 and specializes mainly in intellectual property law, protection of personal data, cyber-law and human rights viewed from the perspective of private law, as well as that of civil law. Around 20 lawyers work at the firm. Among them are lawyers in the process of obtaining their European certification of competence in applying the GDPR.
2. What is GDPR?
GDPR is the acronym for the European Union regulation concerning personal data protection that is due to enter into force on the 25th of May, 2018.
This regulation will introduce into Romanian law, for the first time, a series of individual rights, matched by a series of obligations for the legal persons that operate or process personal data. Personal data means any data that can be used to identify a person, including name, social security number or address. Some data concerning a person, such as data related to health status, criminal record, membership of a disadvantaged group etc., is considered sensitive data and enjoys increased protection.
The new obligations imposed by the regulation will affect everyone who operates with this kind of data, but especially those who operate with sensitive data (medical clinics, pharmacies, educational establishments, notaries and lawyers etc.) or those who operate with such data by the nature of their business (recruiting companies, online shops etc.).
These obligations are extremely burdensome, and the fines imposed by the new regulation for failing to comply with them are up to 10% of the legal person’s income, which is a lot.
3. What do we have to do starting with the 25th of May, 2018?
It depends on the nature of your business, on the type of data collected and on the way that data is used. There is no universal answer to this question. Some legal persons will be obliged to designate a data protection officer (DPO), and others won’t have such an obligation. For some operations that involve personal data the prior consent of the person concerned is required, and for others it is not. Therefore, the first thing to be done is an audit of how the regulation applies to the way personal data is collected, archived or used, followed by the taking of general measures. Some of these activities and measures will generate expenses, though small ones compared to the applicable fines.
4. What do we offer through our service?
Through specialised lawyers, our firm will offer you, above all, an audit of your activity in order to determine exactly which obligations you must comply with. Afterwards, our firm offers you professional advice for the preparation of the necessary documents:
2. Terms and Conditions
3. Nondisclosure Agreement
4. Data Protection Policy – Security measures and risk management plan
5. Consent Form
6. Register of Complaints and Referrals
7. Register of Security Breaches and Measures Taken
8. DPIA Impact Evaluation Report
9. Notification on the measures taken in case of incidents for the elimination/reduction of the incident’s effects
10. Security Breach Notification
11. Data Requests Register
12. Third Parties Register
13. Authority Notification
14. Notification to the person concerned on the data held
15. Personal Training File
16. Audit Report
17. Job Description/DPO Contract
18. Data Register
19. Audit Evidence Record
5. How much is this service?
Setting a price for the services offered is impossible, since the necessary workload depends on the client’s activity, the type of data collected or used etc. However, we invite you to request a price offer by e-mail at firstname.lastname@example.org, in which you present your company or institution.