Data Protection

Our data protection lawyers are helping technology, B2B retail, e-commerce, health-tech, marketing, fin-tech, etc. companies to implement data protection (including General Data Protection Regulation GDPR and e-privacy) requirements.

Data mapping of new products or services

  • Helping to map personal data in the organization;
  • Creating sustainable mapping that can be easily updated according to changes in activities. For this purpose, we also offer a SaaS (software) solution, which can also be used for the secure transmission of the documents;
  • Drafting an overview of the necessary activities and priorities to eliminate possible gaps.

Data protection impact assessment

  • Assessing the impact of existing solutions;
  • GDPR compliance assessment of data processing;
  • Assessing the compliance of the company’s software solutions and databases with the technical and legal requirements of the GDPR;
  • Preparing the GDPR-compliant impact assessment documentation.

Data protection documentation

  • Compiling an overview of personal data processing and privacy policies, a compilation of cookie notifications;
  • Preparation of consent forms and integration into the business model;
  • Development of internal rules, including related processes;
  • Preparation of documentation on employment relations related to data protection;
  • Drafting data processing agreements (group company level and external), controller-processor agreements, technical and organizational measures (including cross-border data transfer).

Data Protection Officer’s (DPO) service

  • It is possible to purchase a full DPO service or an in-house DPO advisory service to ensure compliance with the GDPR and other relevant legislation;
  • DPO informs and advises the organization and its employees of their data protection obligations under the GDPR;
  • DPO is monitoring the organization’s compliance with the GDPR and internal data protection policies and procedures.
  • DPO serves as the contact point to data protection authorities for all data protection issues, including data breach reporting.

Risk management and data security

  • Consulting R&D teams within the development process;
  • Risk management and data security;
  • Technical and organizational measures;
  • Recommending software solutions (anonymization, encryption, records of processing, consent management, cookies, etc);
  • Processing of the handling of privacy incidents (e.g. reporting to the regulatory authorities);
  • Reacting to privacy incidents.

Data Protection Officer’s (DPO) training

  • Providing bespoke DPO training courses based on the client’s profile;
  • Helping the DPO understand the requirements of GDPR applicable to the company;
  • Training for employees that takes into account the specifics of the organization. Sectoral training provides more relevant information (customer service, sales department, marketing analytics, IT development, finance, etc.).

Representation in personal data disputes

  • Representing and advising the data controller or processor in supervisory and judicial proceedings concerning data protection law.
« Back to areas

Ready to get started?

Have we sparked your interest? Do you have a question you would like to ask us? How can we help you get started?

Hedman

Our memberships:
FinanceEstonia,
Teenusmajanduse Koda,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum