Information and Cybersecurity Management

Data Protection Officer Services

Service

The General Data Protection Regulation (GDPR) introduced a new position, the Data Protection Officer (hereinafter referred to as the Officer or DPO), who must ensure that the organization properly implements the requirements of the GDPR. Within the scope of the powers granted and functions assigned, the Officer (DPO) must represent the data controller or processor in relations with data subjects and the State Data Protection Inspectorate (SDPI). The main duty of the Officer (DPO) is to help the data controller and/or processor ensure the rights and freedoms of data subjects provided for in the GDPR.

An Officer (DPO) must be appointed when:

  • Data are processed by public authorities or institutions, except for courts, when they perform judicial functions;
  • The main activity of the data controller or processor consists of data processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale;
  • The main activity of the data controller or processor is the processing of special categories of data on a large scale or the processing of personal data on criminal convictions and criminal acts on a large scale.

The EU Article 29 Data Protection Working Party Guidelines state that nothing prevents an organization that is not legally obliged to appoint an Officer (DPO), and does not wish to appoint one on a voluntary basis, from still employing staff or hiring external consultants to carry out tasks related to the protection of personal data.

Data controllers and processors must implement appropriate technical and organizational data security measures to ensure a level of security commensurate with the risk. Infringements of the General Data Protection Regulation (GDPR) may result in administrative fines of up to 2 – 4% of the previous financial year’s total annual global turnover, or up to 10,000,000 – 20,000,000 euros.

Progress

  • We inform the data controller or processor and data processing employees about their obligations
  • We prepare personal data protection policy and documents regulating its implementation
  • We perform a data protection risk assessment
  • We perform a data protection impact assessment (DPIA)
  • We organize personal data protection training
  • We coordinate the management of personal data security breaches
  • We cooperate with SDPI and perform the functions of a contact person when contacting SDPI with questions related to data processing

The result

  • The personal data protection policy and its implementation documents have been prepared and periodically updated
  • A data protection risk assessment has been performed. Personal data protection vulnerabilities, threats and risks affecting the organization’s activities and business continuity have been identified and assessed. A plan of risk management measures has been prepared to address unacceptable risks
  • A DPIA has been performed. Data processing operations, purposes and legality are described. An assessment of risks to the rights and freedoms of data subjects has been performed. Measures to eliminate risks to data subjects have been proposed. The conclusions of the DPIA are presented
  • Personal data protection training is organized, and employees are provided with assistance and consultations
  • The management of personal data security breaches is ensured. Breaches of personal data security are managed in accordance with GDPR requirements
  • Cooperation with SDPI is maintained, and the functions of a contact person are performed when contacting SDPI with questions related to data processing
  • The implementation of the GDPR is monitored, and data controllers or processors and data processing employees are informed about their obligations

Benefit

  • Continuous management of the organization’s personal data protection is ensured
  • Personal data security risks are constantly assessed, and measures are implemented to manage them
  • The qualification of employees in the field of personal data protection is raised and maintained
  • The implementation of the GDPR is monitored and data controllers or data processors and processing employees are informed of their obligations
  • Cooperation with SDPI is maintained, and the functions of a contact person are performed when contacting SDPI with questions related to data processing
  • Compliance with the requirements of the legal acts of the Republic of Lithuania and GDPR is ensured

Contact person

Ernestas Lipnickas
Mobile: +370 (605) 44 444
Email: ernestas.lipnickas@adwisery.eu