Conducting a GDPR audit of a group of dozens of companies around the world

Konieczny Wierzbicki’s lawyers performed an audit in terms of verifying the level of adaptation of companies from a group of several dozen companies all over the world to the rules on personal data protection, as well as provided legal support for the Group in preparation for the conclusion of binding corporate rules (BCR).

Additionally, the law firm reviewed and validated Records of Processing Activities (a global register of all processing activities within the Group internationally), making sure all registered business activities are in line with GDPR and if not, advised on how they should be remediated.

Our lawyers made sure personal data were collected in line with the law, as well as advised on the compliance and lawfulness of the data transfers, especially to the Third Countries, making sure all contractual requirements are in place.

The advisory also included legal support in terms of security measures to be implemented and the role of the data controller, processor and joint-controller. Moreover, we verified if the applications and systems used for data processing are GDPR compliant (access restrictions implemented, data deletion enabled, access on a need-to-know basis, security measures in place etc.). The work was performed nearly fully in English.