Compliance, strategy, standards

GDPR - personal data protection

In line with the EU General Data Protection Regulation (GDPR), new data protection regulations will be enforced from May 2018. The regulation will fully replace national personal data protection regulations.

We support every organization in ensuring compliance with GDPR, taking it through the following 10 steps:

Compliance assessment

  1. Data inventory – including discovery of personal data processed, assessment of relevance and sensitivity, storage and processing locations, persons accessing personal data and data processing approach and process.
  2. Analysis of risks associated with data processing, technical and legal aspects.
  3. Assessment of security measures used in IT systems, contracts with subcontractors, analysis of clauses with customers.
  4. Recommendation on how to improve your data processing facility technically and legally.


  1. Compliance plan – improvement activities in the areas of procedures, standards, processes, organization and technology.
  2. Implementation and integration – preparation of privacy policy, design of technical solution architecture, preparation of procedures for the implementation of the rights of people to whom they apply, preparation of legal clauses, preparation of contracts with subcontractors, preparation of security incident documentation, implementation of changes in IT systems.
  3. Incident monitoring, detection and interpretation of security incidents.

 Operational management

  1. Reduction of the impact of incidents, communications to customers, notification to regulatory authorities, securing and fixing IT environment, legal protection.
  2. Ensuring continuous compliance, monitoring the performance of the data processing system, implementing the necessary adjustments, maintaining security and compliance with GDPR.
  3. Building awareness, training and engaging in the process of maintaining security.


IMMUSEC Sp. z o.o.

ul. Chłodna 52
00-872 Warszawa, Polska
Tel. +48 22 205 4800