Poznań: + 48 61 22 23 997        Warszawa: + 48 22 506 52 42
Sommerrey & Partners Sommerrey & Partners

What we do

We invite you to familiarize yourself with our services.
In each field, which we do, we have a team of experienced and qualified experts.

GDPR – Personal data protection in companies


From 25th of May 2018, new personal data regulations will come into force. Current reconstructive implementation of the legal regulations will no longer be sufficient. Upon Regulation (EU) 2016/679
of the European Parliament and of the Council
of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), new obligations will be imposed on entrepreneurs. From this day, the entrepreneurs will be compelled in involvement of building their own personal data protection system, which shall be adequate to the business profile of their enterprises. Financial penalty for default in meeting those obligations can reach up to 20 million euros or to the value of 4% of annual global turnover.

The GDPR requires that the entrepreneurs will solely determine the nature of the personal data
in their possession and risks associated with their proceedings. They will also be obliged
to implement appropriate safeguards.

We kindly invite You to co-operation. Our specialist will help You through the process of adapting Your organisation to the new legal regulations.

Internal audit

As a part of the service that our Company provides, we analyse the situation of processing personal data within our Client’s enterprise and, if needed, we indicate possible changes. The auditors
are especially interested in:


Current status of security of personal data which is processed also should be determined. As a part of organization’s audit, a checklist is prepared, upon which a final report from audit is made with recommendation for further actions.




The next step is a suggestion of safeguards and their implementation. Depending on current situation, it will either be a matter of refining already existed solutions or creation of a new security system from the scratch.



There are 3 categories of security which should be implemented within a new security system:


Material – security of all of the documents containing personal data e.g. by assigning separate rooms in which such documents will be stored, with access limited only to authorized individuals with special cards/keys to this room or by installing a video surveillance system within area where
such documents will be stored.

Organizational – development and implementation of procedures and byelaws which protect personal data, conduction of training for the employees regarding the subject of principals of data protection etc.

Technical – implementation of security systems for computers, tablets, office telephones and other devices
or carriers on which personal data may be found. Proper organisation and security of a computer network, regulation on a matter of backup copies, password policy etc.




Thereafter, the following, adapted to the organization documents shall be prepared:




As a part of our co-operation with the Client, our Company conducts necessary  training for every person within the organization, who will have access to  the processing of personal data.


We will also summarize the completed work by submitting a report of implementation of
personal data security system which was prepared for the Client.


After the implementation, for a limited duration of time, our Company will support You within
the range of the new personal data security policy.

Jeśli potrzebujesz wsparcia w tym zakresie to zapraszamy serdecznie do kontaktu:

+48 61 22 23 997


Our experts

Hubert Sommerrey
attorney-at-law / mediator / managing partner

+48 61 225 48 70

Contact with expert
Show all experts
pl   en