Data Protection

Personal data is a collection of data that allows the identification of individuals. The social interaction between people is done through the exchange of information. The functioning of our society is inconceivable in the absence of data exchanges. We all know that society abounds with personal data. The information enables the holder to act effectively. Information extracted from personal data is important because they allow profiling. Consequently, they allow active agents to perform attention management through personalized interactions. The free movement of personal data within the European Union may not be restricted or prohibited for reasons relating to the protection of individuals about the processing of personal data. The Regulation seeks to put a brake on the execution of attention management of individuals within the European area by agents operating outside this area. This is a diffuse but important economic benefit. The individuals also benefit. They have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which produces similar affects to a significant extent.

Our main activities in personal data protection law are:

Consultancy
# written answers to questions of management and data protection officers regarding the protection of personal data, studies, and legal opinions;

Data protection audit
# lawyers visiting the organization’s premises; discussion with departmental managers and staff handling personal data to find out how they are currently being handled; lawyers need to find out the circuit of each physical and IT document containing personal data and how the IT applications used work; all details are carefully noted to get a clear picture of the flow of personal data
creation (drafting) of a personal data synopsis; which personal data, which documents and which staff are involved; the synopsis includes the typology of personal data, sources, types of access, powers and access rights, the circuit of use, and the processes of use, modification, transfer, and deletion of personal data, both for employees and clients and other contractors
# based on the synopsis, drafting of the audit report, which includes the list of activities to be carried out by the organization to ensure compliance with the provisions of the Regulation and suggestions for upper management; the report includes all the information collected, arranged in a comprehensible structure, with identification of vulnerabilities and risks, both of an operational nature and a technical and legal nature

Data protection compliance (implementation after audit)
# drafting/modifying the organization’s internal procedures in compliance with the GDPR; procedures are drafted in a highly customized way, according to the actual processes in the organization; lawyers will also recommend the setting up of a procedures committee to ensure that the procedures are permanently adapted to the needs of the organization
# review employment contracts and job descriptions; lawyers will make general suggestions and, if management requests, review each job description individually
# review contracts with the organization’s partners to include the clauses required by the GDPR; the review will include clarification of the type of contractual relationship from a GDPR perspective; the need to review contracts may highlight severe problems in the conduct of contractual relationships, which can only be resolved through the involvement of the organization’s top management; lawyers will also present to management the issues to be agreed with the organization’s contractual partners
# drafting information to own employees and drafting information and communications to be addressed to persons from whom personal data are collected; training on how to communicate with data subjects

Training
# training sessions for employees who handle personal data on GDPR requirements and behavioural requirements; the training covers both the provisions of the Internal Regulation required under GDPR and technical aspects related to the organization’s security policy.


Recommended Lawyers

Andrei Savescu Av. dr. Andrei Săvescu
Alina Matei Av. Alina Matei
Răzvan Crăciunaș Av. Răzvan Crăciunaș
Alexandru Sima Av. Alexandru Sima