Information security, CBsoft, s.r.o.

GDPR EU 2016/679

Data Protection Impact Assessment pursuant to GDPR EU 2016/679


We offer the Data Protection Impact Assessment (DPIA) pursuant to the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.

What does GDPR data protection impact assessment mean and what does it involve?

A data protection impact assessment is a process intended to describe the processing, assess its necessity and proportionality, and help manage the risks to the rights and freedoms of natural persons resulting from the processing of personal data, by assessing those risks and determining the measures to address them.

The DPIA is an important accountability tool: it helps controllers not only to comply with the requirements of the General Data Protection Regulation, but also to demonstrate that they have adopted adequate measures to ensure compliance with the Regulation.
In other words, the DPIA is a process for building and demonstrating compliance.

The process for building compliance is implemented through a security project program.

This means implementing a personal data protection management system. The security project (program) determines the adequate technical, organisational and personnel security measures to be introduced in order to achieve compliance.

When is a DPIA required, and when isn't it?
A DPIA is required where processing is "likely to result in a high risk".
A DPIA is not required when the processing is not "likely to result in a high risk", or has already been authorised, or has a legal basis.
For existing processing operations, a DPIA is required for those created after May 2018 or that change significantly.

The data protection impact assessment mainly involves:

a) a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller,
b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes,
c) an assessment of the risks to the rights and freedoms of data subjects, and
d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with the Regulation, taking into account the rights and legitimate interests of data subjects and other persons concerned.


Why us?

Our company has been actively working in the field of information technologies

Our experience, knowledge and ongoing activity in the field of information technology enable us to carry out the security analysis and the IT system project competently.

Compliance of the outputs with the intra-company guidelines and processes

We examine the existing documentation (English) and adapt our outputs to the guidelines and organisational processes already implemented.

Stability of the company

Continuity of our activity: our company has been working in the field for more than 14 years.

Person responsible for qualified consulting

Ing. Daniel Bednárik, education: Faculty of Applied Informatics, Tomas Bata University in Zlín, field of study: Engineering Informatics, Security Technologies.

Internationally accepted and accredited CISM certificate of the ISACA organisation

The CISM (Certified Information Security Manager) certificate is intended for experienced information security managers and is designed to assure executive management that its holders have the knowledge and skills required for effective security management.

The list of ISACA Slovakia certificate holders is published on the ISACA Slovakia website.

Certificate of internationally accredited training IRCA, ISO 27001

Ing. Daniel Bednárik passed an internationally accredited training for external auditors/lead auditors for ISO 27001. The accreditation is covered by IRCA (International Register of Certified Auditors). IRCA Certificate No.: 27416.

Qualified independent auditor of the Regulatory Authority for Electronic Communications and Postal Services

Our company is included in the list of qualified independent auditors for performing security audits at companies providing public electronic communication services.

The list is published on the Regulatory Authority's website.

Liability Insurance

Liability insurance for damage caused when providing services in the field of information technology security, up to EUR 100,000 (Colonnade Insurance S.A.).


External data protection officer (DPO) on the basis of a service contract pursuant to GDPR


We offer the service of an external data protection officer pursuant to the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.

Designating a data protection officer (DPO) pursuant to GDPR helps the controller or the processor to monitor internal compliance with the GDPR.

Why an external data protection officer?
The DPO assists the controller or the processor in monitoring internal compliance with the GDPR. The DPO collects information to identify processing activities, analyses and checks the compliance of processing activities, and informs, advises and issues recommendations to the controller or the processor.
Designating an external DPO on the basis of a service contract saves human resources costs.

Tasks of the DPO:

Monitoring compliance with the GDPR:

  • collects information to identify processing activities,
  • analyses and checks the compliance of processing activities, and
  • informs, advises and issues recommendations to the controller or the processor.


The DPO's role in a data protection impact assessment:

According to Article 35(1) of the GDPR, it is the controller's task to carry out, where necessary, a data protection impact assessment (DPIA).
The controller should seek the advice of the DPO on the following issues:

  • whether or not to carry out a DPIA
  • what methodology to follow when carrying out a DPIA
  • whether to carry out the DPIA in-house or whether to outsource it
  • what safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • whether or not the data protection impact assessment has been correctly carried out, and
  • whether its conclusions (whether or not to go ahead with the processing and what safeguards to apply) are in compliance with the GDPR


Risk-based approach:

Article 39(2) of the GDPR requires that the DPO 'have due regard to the risk associated with the processing operations, taking into account the nature, scope, context and purposes of processing'.

  • The DPO should prioritise activities and focus on issues that present higher data protection risks.
  • The DPO should advise the controller on what methodology to use when carrying out a DPIA and which areas should be subject to an internal or external data protection audit.


The DPO’s role in record-keeping:

Under Article 30(1) and (2) of the GDPR, it is the controller or the processor, not the DPO, who is required to 'maintain a record of processing operations under its responsibility' or 'maintain a record of all categories of processing activities carried out on behalf of a controller'.

  • In practice, the DPO often creates inventories and holds a register of processing operations based on the information provided.

(Source: document 16/SK WP 243 rev.01, WP29)

Security program for GDPR: a plan for achieving compliance with the General Data Protection Regulation (GDPR) 2016/679 EU


We offer the development of a personal data protection security program for building compliance with the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.

The security program for building compliance with the GDPR is based on the ISO/IEC 27001 standard for information security management systems.

Why the security program?
Because it proposes the information security management system and includes and plans the specific technical and organisational measures to be taken in order to achieve an adequate level of protection of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

The security program includes:

Formulation of basic security objectives and scope: specification of technical and organizational security measures to ensure the protection of information and the method of its use.

Information system security analysis: detailed analysis of the state of security in terms of a possible breach of confidentiality, availability, and integrity of information.

Security measures: specific proposals of technical, personnel and organizational measures and procedures (guidelines).

CBsoft, s.r.o.® - consultancy in the field of information security.