HOW WE CAN HELP YOU

for organizations

Remember the typical “GDPR comes with huge fines” fearmongering advice? That’s not us.

Your business needs to process personal data and we’re here to help you do that while complying with data protection legislation. The GDPR places many requirements on organizations and data protection compliance is becoming increasingly demanding. That is why we do not sell any one-size-fits-all solutions, and tailor our advice to each individual business and organizational processes. We start by understanding the business needs and we step outside of the “data protection laboratory” into the real world.

The GDPR prescribes two typical roles for an organization: data controller (alone or jointly with other controllers) or data processor. Based on the role in each processing activity, we’ll explain what you need to do to comply with privacy laws. This section is a snapshot of the usual services we provide for organizations.

Assistance in meeting GDPR requirements

GDPR includes a vast array of obligations for data controllers, summed up under the principle of accountability. We regularly help clients implement processes and design mechanisms to demonstrate compliance with all such legal requirements, including the records of pr­­ocessing operations (which we also tailor to the needs of the client), data protection impact assessments (where we assist clients with very complex risk assessments and mitigation), data protection agreements, personal data breach assessments, and not least consultations with the data protection supervisory authority.

Legal design

We are very skilled in drafting information notices and other materials that need to have an accessible language and be easily understood by the general public. Our documents are not just lawyer readable but human readable, ensuring that you meet the GDPR requirements to use an intelligible and easily accessible form, as well as clear and plain language. We also design adequate methods to bring the information to the attention of its addressees, whether this is on a website, on a smart terminal, on a board or others.

Training on EU data protection law

Our customised training programs are constantly hailed as being professional, informative and also fun.  Our practical approach backed by a long experience dealing with data protection issues has been widely praised by our clients.

E-Privacy compliance

Data protection is not just about GDPR. We also advise clients in complying with the requirements related to direct marketing, as well as cookies and other tracking technologies. Moreover, since the future ePrivacy Regulation is currently being negotiated at EU level, we keep our clients informed about the process.

for individuals

Empowering persons to take control over their data

Individuals (data subjects) enjoy a wide range of rights in relation to how, by whom and for what purpose their personal data is being processed. GDPR has tightened the control individuals enjoy over how their personal data is being processed, with an increased scope of data subject access requests, broader right to erasure of data, broader right to restrict the data processing and to object to the processing, a new right to data portability, while controllers have strict deadlines in which they must respond. The exercise of these rights and the interaction with entities that process personal data (sometimes unlawfully) can be difficult for an untrained individual. But we are here to help.

Receiving accurate information on the data processing activities

Do you want to know what data a certain entity processes about you, for what purpose, for how long and to whom it was transferred to? We can help you obtain this information.

Subject access requests

You have the right to receive a copy of the data being processed about you by an entity, and we can help you receive it. You can also request information about the reasoning behind any automated decisions, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret).

Raising complaints over the processing of your personal data

When your issue with the entity processing your data cannot be solved amicably, we can guide you in filing a complaint with the data protection authority.

Raising concerns over the use of personal data

If you believe an entity processing your personal data does not have a lawful ground to process some or all of your data, holds inaccurate information about you, has unlawfully disclosed information about you, is keeping information about you for longer than is necessary, is not keeping your information secure, or has collected information for one reason and is using it for something else, we can assist you in asking the entity in question to remedy these matters.

OUR ATTORNEYS

Andreea LISIEVICI

Partner, CIPP/E


Andreea has over 10 years of experience in commercial privacy and business compliance legal assistance. She graduated an informatics high school and is very well-informed in terms of new technologies, which gives her the special advantage of understanding the technical issues behind privacy laws, thus becoming very efficient in providing legal assistance related to the more technological privacy matters, such as cloud computing, cybersecurity, behavioural advertising, or surveillance of employees. She has also acted as counsel in IT-related arbitral disputes. Andreea is also a skilled trainer and public speaker, as well as a proficient writer of articles and academic papers. She is certified as a privacy professional (CIPP/E), business compliance professional, trainer and project manager.

Roxana GUIMAN

Senior Associate


Roxana is an attorney at law since 2012, and starting with 2017, her activity focuses almost exclusively on data protection related matters, being involved in projects for clients in a variety of industries. Roxana began her career by handling primarily IP and IT&C matters. Her previous experience of over 3 years as Senior Contracts Specialist for Oracle, both in the Bucharest and in the London office, gave her valuable exposure to the IT industry and a set of skills of much help to her activity as a lawyer. Roxana joined the PrivacyOne team at the beginning of 2018, when PrivacyOne partenered with Biris Goran, supporting the goal of building a specialized data protection practice, unique in Romania.

Dana UDUDEC

Associate, CIPP/E


Dana has a solid background as a lawyer promoting fundamental rights, and in particular the rights to private life and data protection. Since 2014, after joining the Bucharest Bar, she has been active in transnational legal projects and human rights investigations, often involving complex and interdisciplinary work. Dana closely monitors the impact of data protection legislation on the freedom of expression and manages the Privacy4Press.ro platform which is aimed at explaining privacy for journalists. She contributes to PrivacyOne’s articles on data protection related matters and is a CIPP/E and a certified trainer.

About Us

We don’t sell GDPR software or templates and we won’t magically make you “GDPR compliant”.

We do, however, come up with practical solutions to your data protection and privacy problems and empower your organisation to learn to handle them in the future.

Current events

Get in Touch with Us

Bucharest, Bd. Aviatorilor nr. 47, etaj 2, sector 1, 011853, Romania

Email: contact@privacyone.ro