The third level of services focuses on the types of activities that the body needs in the context of the obligations associated with  GDPR or activities which the body needs to carry out continuously.

Such services include the provision of DPO – personal data protection officer.

PD or OU = personal data.

Basic list of activities offered:

  • Responsibility for:
    •  mapping the internal environment of the subject with regard to the implementation GDPR ,
    • inventory types PD to which the agency is working and what is the legal title and the purpose of this process,
    • identifying high-risk areas that need to be addressed, so that the body has been brought into line with  GDPR rules
    • normative consensus on the performance of the Regulation of the EU on the issue GDPR
    • transparent system of processing and handling  PD
    • an analysis of risks and its periodic evaluation (evaluation)
    • control, setting responsibilities, security of stored data and the set of processes within the organization with regard to:
      • RISK (Risk Management System), ISO 31000
      • QMS (Quality Management System), ISO 9001
      • ISMS (Information Security Management System), ISO 27001
    • independent audit regarding compliance with Regulation EU to  issue GDPR the subject
    • Code for preparing PD protection , if contractual clauses
    • processed list of CAs that are subject to processing
    • timely reporting of breaches of security PD to Office for Personal Data Protection
    • practical application of the interpretation GDPR to specific processes and activities of the entity.


  • checks:
    • processes and methodologies and issuing proposals and recommendations to update them
    • making proposals for action in the areas of physical, personnel, administrative and information security (data classification, the impact of loss or theft of internal data) and cyber security


  • Scope as:
    • mediator in relation to subjects PD protection
    • methodologies in relation to the controller and the processor PD
    • the person responsible for the preparation and execution of queries and requests of the complainants


  • Making suggestions:
    • measures to PD protection in the subject
    • protection settings PD (intentional Standard)


  • assessment:
    • links to the architecture of IT systems, applications and communication channels in relation to the registration of the CA , including the impact on information security in the field of local authority , evaluates potential risks and proposes measures to eliminate them


  • monitoring:
    • Legal amendments in relation to  GDPR and suggests internal regulations to update and supplement in case of adoption of a new national or European legislation


  • Communication:
    • the  OPPD on matters relating to PD protection


  • Supervisor:
    •  Protection PD in society within the organization ensures control of that system exists to protect the PD .