Price from BGN 900 (excl. VAT) to BGN 9 500 (excl. VAT)
The price depends on the complexity of the organization, number of the processed personal data, types of data processing activities, existence of specific cases. It is determined after the company/ organization has completed a preliminary questionnaire.
Main activities included in the service
Analysis of the personal data processing activities related to the company’s/ organization’s scope of activity and recommendations for improvement
Main areas of analysis and assessments:
- Personal data and data processing activities in the company/ organization;
- Lawfulness of processing;
- Revision and determination of the legal basis;
- Compliance with the transparency principle;
- Storage limitation;
- Data minimization;
- Determination of the processors and joint controllers;
- Applied policies, procedures, rules, contracts with third parties;
- Risk analysis/ assessment along with an overview of the existing technical and organizational measures for personal data protection;
- Recommendations for optimization or implementation of technical and organizational measures for personal data protection.
Preparation of documents
After the analysis, the necessary documentation will be drafted, including:
- Personalized privacy policies;
- Personalized procedures in order to comply with the requirements of the law (like Procedure for Processing of Data Subjects Requests, Procedure for reaction/notification in case of personal data breach, etc.);
- Declarations (like Privacy Notice, Declaration from an Employee, etc.);
- Registers (like Register of the Processing Activities, Register of Data Subjects Requests, etc.);
- Forms, Applications (like Request from a Data Subject, Data Breach Notification to the Supervisory Authority, etc.);
- Agreements with third parties (processors or joint controllers);
- Risk assessment;
- Data protection impact assessment (if mandatory prerequisites are in place).
