Our Data Protection team performed an opening audit and then, based on the outcomes of the audit provided assistance in implementing rules of processing personal data for a group of companies operating in IT sector and employing several hundred people with clients all over the world (in Europe, Asia and North America). This included preparing in internal documents and procedures as well as preparing data exchange rules in a group of companies including Polish and US (i.e. drafting and negotiating framework data exchange agreement) in order to regulate a complex and sophisticated network of connections between the companies within the group, that closely cooperate with each other and provide services both internally (for other companies within the group) and externally (often to big and recognisable clients from other regions and from highly regulated sectors such as finance or insurance).
As part of our tasks, we helped, among others, in the implementation of the requirements of the GDPR for such products as the system for handling reservations and customers in hotels offered in the Software as a Service model and used in countries around the world. We also helped to develop direct marketing rules for companies from the group – for a dozen different countries on several continents operating in different legal systems.