Data Protection Compliance / GDPR / CCPA / UK Data Protection Act

Determining the need for compliance with regulations
Audit: Data Mapping and GAP-analysis
Preparing a Complete set of internal and external policies
Staff training and policy implementation
What companies need compliance?
Companies that process the personal data of users. Processing is any action with data, such as collection, storage, usage or deletion.

Who must think about compliance?
Usually the main stakeholders: the board, the legal department, investors, a privacy specialist (DPO), or any other responsible person.

What is personal data?
Any data related to a person (identified or identifiable).
For example:
+ email
+ name and surname
+ phone number
+ any other data identifying a person, such as age, gender, employment-related data, technical data: cookies, IP address, etc.

How to understand whether you process personal data?
You process personal data if:
+ You have a feedback form
+ You sell or send goods, provide services
+ You collect cookie files
+ Users can create an account

Which regulations must the company comply with?
It depends on the markets the company targets.
If the company is established in / targets users from:
+ with the GDPR, which so far sets the highest level of requirements in the world
+ with the CCPA (in California) and other American federal and state privacy laws
+ with such emirate's regulations
Why should you care about GDPR/CCPA compliance?

Users know their rights
European and American users are aware of the procedures for exercising them, including submitting complaints to the data protection authorities.

It is user-friendly
Your company respects users and their rights.

The level of fines
For example, fines for GDPR violations range from a few hundred euros to 20 million euros (or 4% of annual turnover).

Any company (including SMB) can get a fine
The stage of growth or size of your company does not affect the risks. The level of the company's development affects the amount of a fine, not the risk of being fined.
Bringing the company into compliance with international regulations in this area: GDPR (EU), CCPA (USA), UK Data Protection Act.
The list of services included:
AUDIT
EXTERNAL COMPLIANCE
INTERNAL COMPLIANCE
ROPA (Records of Processing Activities)
Gap analysis
Creating a set of external documents: Privacy Notice, Cookie Policy (+ Cookie Pop-up)
Creating an Internal “User Request” response policy.
Preparing and signing Data Transfer Agreements and Data Processing Agreements between the company and each data processor (for example developers in another country, hosting providers, etc.).
Conducting a Data Protection Impact Assessment
Creating a complete set of internal policies for the company regarding its processes and bringing such processes into compliance with these policies (including compliance with technical requirements, the appointment of responsible people in the company in order to carry out the processes related to Personal Data Protection)
Our Cases
REQUEST:
Make express preparation for the GDPR, in order to gain the opportunity to cooperate with a large partner company.
TASK:
Understand how to bring the company into compliance in a short time, sufficient to start working with a partner, while making a plan for long-term and reliable preparation of the company for full compliance with the regulations.
CLIENT:
MacKeeper
Stages of Work:
01. Understanding the company's business model.
02. Delve into the current state of the company's personal data processing.
03. Fill out the necessary audit questionnaires together with the client.
04. Make a plan for urgent and non-urgent alignment of the company.
05. Communication with the team. Familiarization of the client's team with the basic principles of data processing in accordance with the GDPR and the EU Convention on Human Rights.
06. Preparation of audit results and approval of action plans.
07. Getting started.
08. Compilation of all internal policies.
09. Internal training of the client's company employees.
10. Implementing policies in practice, changing processes.
11. Training employees in case of data emergencies.
12. Building a plan for keeping the company compliant in the long term.
13. Making changes to the company's external materials: website, application, service, platform, personal account, etc.
Results:
The company has solved its business problems.
The company has a clear long-term plan for implementing GDPR requirements.
The company is prepared to work with large and partner companies.
The company's internal processes have been changed in accordance with international rules and standards for the processing of personal data, which automatically means compliance not only with the GDPR, but also with most similar laws in other jurisdictions.
Employees are trained in how to process user data.
It is easier for a company to get ISO certification.
The company has approved internal documents and procedures, so that it can demonstrate its compliance with the GDPR regulations.
Features of the AVITAR Team
We know how online business works from the inside out
We are an integral part of your team when entering the EU and US markets
We have experience in handling legal disputes on behalf of the client in the US and EU markets
It is important for us to solve your business task, and not to impose a legal solution
What Clients Say About our Work
Oleg Lesov, CEO Softcube
Avitar has been supporting our company Softcube since 2018. All this time, their advice was professional, comprehensive, and accurate. Avitar team has excellent expertise in GDPR and copyright law. It is a pleasure to work with them.
Dmitry Budorin, CEO Hacken
Efficient and effective. Our team spent minimal time explaining our needs and we received a tailored and prompt work result. Highly recommend.
Evgeniy Khotyanov, CEO Bookimed
They're very good at GDPR compliance and user agreements. Our Bookimed teammates are satisfied dealing with Avitar.
Nikita Fursov, Founder at 1Dea.me
The guys are very cool! Minimum of violence against the client, maximum result. In case they are not capable of doing the job, they will find who will - and this is very valuable. Highly recommended!
Arthur Kritsak, Founder of InReepublic
Developed documents for a web platform that works in the US and Ukraine. Everything is high quality. We will contact more!
Eugene Kuzmin, CEO MORZA.co
Before meeting the guys, their recommendations. In my view, the development and scaling of the business was, it was necessary to rush, and then we will deal with putting in order the processes and documents.
FAQ
Is GDPR a technical or legal issue?
The GDPR is both: it brings together legal regulations and the technical means to implement those regulations. If you want to bring your business to the "compliant with GDPR" status, a team of lawyers and information security specialists should work on this issue.
Which business is 100% not covered by the GDPR?
The GDPR applies extraterritorially. This means that the GDPR rules apply to persons who process the personal data of EU residents and citizens, regardless of the place of incorporation and residence. That is, if a company processes personal data of users from the EU, it is obliged to comply with the GDPR. In theory, if a company does not collect and process this kind of data, it will not fall under the GDPR. In practice, every company must be audited to determine whether it falls under the GDPR.
Why should I contact lawyers? I believe I can determine for myself whether I need GDPR compliance.
Because a company may face a fine of up to 20 million euros or 4% of its total global turnover for the previous financial year (whichever figure is higher) for non-compliance with the GDPR requirements, it is still better to contact lawyers.
I have a personal data processing policy on my site. Is that enough?
No, not enough. Personal data processing policy is just one of the means to comply with the GDPR requirements.
How long does it take to bring your business into GDPR compliance?
It depends on the size of the business and the amount of data processing. Practice shows that, on average, this process usually takes one year.