Creating solutions together with you
We wish to advise clients in which direction to go, create solutions together with them and make them grow and adapt better to constant changes. The future is not created by itself. Let’s design it together.
Honesty, consistency, respect, responsibility, client and client’s needs, continuous improvement - these are the values we follow when implementing projects.
GDPR audit and implementation
As part of our service, we will provide you with professional assistance within the scope of activities covered by the GDPR, while trying to explain to you the intricacies of the regulation. We have experience in implementing GDPR in large organizations. We work with experienced partners who support us in all areas of the GDPR implementation.
It should be remembered that the audit is multidimensional and interdisciplinary. It covers many aspects, such as the security of information and IT systems, the way processes are implemented and managed in the organization, the functionality of applications or systems and business continuity. The Data Protection Authority has repeatedly emphasized standardization. Thus, there are many possibilities to integrate and optimize processes to ensure compliance.
Our service includes:
GDPR compliance audit for your organization;
process specific audit (audit of GDPR documentation, audit of DPO activities, IT / HR / marketing audit, loyalty programs, audits of websites and mobile applications, etc.);
audit of completed implementation projects;
support in implementing changes indicated in the audit results along with project support;
assistance in completing the unfinished implementation of the GDPR;
preparation of documentation.
analysis of compliance and the legal basis for the data transfer outside the EEA;
support in obtaining the permission of the data protection authority for data transfer outside the EEA;
support in negotiating the conditions for the data transfer outside the EEA;
supporting the process of approving binding corporate rules;
support in the authorization of transfers based on approved codes of conduct and certification mechanisms;
setting rules for entrusting and sharing data between business entities and preparing data transfer maps (both between business entities and systems / processes);
determining whether there is a need to use a data processing agreement;
development of a data processing contract and consultancy, how to carry out the verification of the processor with adequate legal support;
support of the Controller in the audit of the processing entity in accordance with the contract.
The documentation set contains, among others:
personal data security policy;
templates of agreement for entrusting the processing of personal data;
a procedure for handling data subjects' requests;
a procedure for the assessment and notification of incidents/breaches;
a template of the record of violations of the protection of personal data;
a template of the register of records of processing activities;
a template of the register of records of all categories of processing activities;
an exemple list of retention periods of personal data;
templates of information clauses;
templates of consent clauses;
risk assessment and assessment policy of processing, so-called DPIA, Privacy by Design, Privacy by Default);
guidelines regarding the appointment of the Data Protection Officer.
We will also help in the creation of documentation for ISO standards such as ISO / IEC 27001 - Information security, ISO / IEC 20000 - IT security, ISO / IEC 22301 - Business continuity management. It can be even more than 40 documents that may apply to your organization.
analysis of procedures and methodologies used by the Customer, including the approach to privacy by design / privacy by default;
support in developing a risk assessment methodology based on internal procedures and customer expectations or proposing a ready to use approach;
developing a risk assessment procedure (methodology, processes, roles and responsibilities);
conducting a risk assessment of personal data processing;
conducting a data protection impact assessment.
DPO function / DPO support / DPS
In some cases, the GDPR requires entities that process personal data to designate a Data Protection Officer. DPO tasks include supervising the compliance of organization proceedings in accordance with the regulation. Performing the duties of the DPO is time-consuming, requires knowledge and being up-to-date with the changing law. By using our services, you can entrust us with the function of DPO or get support in the field of ongoing coordination of personal data protection processes in a form of a data protection specialist when you do not need a formal DPO.
As part of our services, we offer:
performing the function of a Data Protection Officer (DPO);
replacement of the DPO in the enterprise during absence;
acting as a personal data protection specialist (DPS) - support when there is no need to appoint a DPO.
Outsourcing DPO function outside of a company or organization provides:
greater efficiency in terms of cost ratio and time-consumption of the DPO function;
avoiding conflicts of interest;
no additional costs for an organization related to education and qualifications improvement while performing DPO function.
Our activities in the scope of performing the above functions include:
regular and ad hoc audits of the personal data protection system;
cooperation in the development and updating of security policies and procedures for the processing of personal data;
support in conducting and periodic verification of the register of records of processing activity or categories of processing;
raising the level of knowledge in the field of personal data protection through training for your employees and associates, management;
help in directing business processes in terms of compliance with provisions the data protection regulation;
issuing opinions on documentation regarding compliance with provisions the data protection regulation;
support in the event of personal data protection incidents/breaches;
support in implementing the security of networks and information systems;
advice on carrying out data protection impact assessments;
taking over contact with the Data Protection Authority;
support before and during audits by the Data Protection Authority;
preparation of correspondence in matters related to the processing of personal data.
Visualizations in contracts and documents
We make even the most complicated contract brighter. This increases the efficiency of your organization.
Effective contract management
We provide comprehensive support for the entire contract lifecycle, contract and business relations management (contract & commercial management).
These are activities both PRE and POST contract award, which include reviewing, drafting and negotiating contracts, as well as thorough control of the performance of a given signed contract until its completion.
Contract management focuses on maximizing profits and minimizing risk in contracts.
Contract management allows the organization to maximize the value of business relationships.
Contract management relies on relationship and risk management to ensure that both parties achieve the originally desired result. All elements such as cash flow, income, liability management and all other areas around it arise from this simple assumption.
It is an interdisciplinary science that focuses on technical and operational knowledge, trade and negotiation skills, as well as regulatory and legal matters.
It is a collaboration between silos / functions in an organization in pursuit of a business goal.
For contract management, a simple contract repository is no longer sufficient, no matter whether it is a network drive or a simple application.
Well-organized contracts are also a matter of compliance with many regulations regarding the fight against corruption, fraud prevention, ethical violations, personal data protection, anti-money laundering and others.
Large and dynamically growing small and medium-sized enterprises may encounter, among others, the following challenges:
too long preparation of contracts and lost sales opportunities;
work in organizational silos causing information noise and lack of cooperation;
unknown number and value of contracts;
data fragmentation and improper transfer of the contract to implementation teams;
unclear or overly complex approval requirements;
negotiations conducted without negotiation expertise;
insufficient use of contract templates and a repository of clauses;
lack or burdensome risk management;
unclear roles and responsibilities in contract management;
lack of workflow automation;
contracts kept in many different locations and insufficiently secured.
over-reliance on physical contract copies;
failure to meet contractual obligations; the risk of penalties, the lack or dispersed information about the contract;
overpayments, underpayments or unutilized discounts;
inadequate revenue protection;
the contracts expire, and no one notices the upcoming renewal moment;
missed opportunities for cross-selling or additional sales;
repeated verification of the same contract due to the lack of its summary, which involves unnecessarily many people and triggers rework;
ad-hoc reviews due to different requirements (regulatory, internal) without proper tools involving time that could be devoted to customer service or sales.
Better contract management is:
efficiency and productivity;
more efficient operation and integration of various functions / silos in the organization;
greater market competitiveness (faster contracting and implementation);
making better business decisions based on real data and knowledge;
negotiating more profitable contracts through planning;
better conditions and more transparent contracts, including contract visualization;
faster revenue recognition;
reducing the risk of losing revenue;
better use of renegotiation opportunities;
avoiding contractual penalties;
ensuring compliance with contractual obligations and more effective business relationships;
faster conclusion of contracts, which is extremely important from the sell side;
hidden added-value leakage prevention.
What we can do in addressing key elements of contract management:
We will support the organization in the process of RFx or responses to RFx.
We will help in negotiating and creating a contract both before its conclusion and during the contract's implementation and its changes.
We will improve the integration of contract management and relationship management to provide tools and methods that create value while maintaining control.
We will support in ensuring compliance with strategic goals and business decision making while managing business partners in your organization.
We will transform the negotiations to allow better selection of partners by matching the goals.
We will check the organization's maturity level in terms of contract management based on the IACCM methodology.
We will support you in choosing the right technology to support the analysis of transactions, contracts and portfolios (including blockchain and smart contracts) and proactive risk management.
We will help you evaluate the transparency of agreements used in the organization and design them from scratch using the "legal design thinking" approach and graphic visualization for a better understanding of the content.
We will propose a change to shift the focus of contractual terms to achieve a better framework of collaborative relationships that will ensure efficient results management and reduce redundancy in repetitive contract reviews and negotiations, adding value to the organization.
We will help in extracting information from contracts by means of appropriate tools that can analyze contracts in terms of specific provisions (contract analytics), separate sections of the contract, indicate obligations or responsibilities of the parties without tedious, manual analysis.
We will train staff in the contract and commercial management both on the procurement and sell side.
BPM Process modelling and improvements
We help clients oversee and build correct business relationships. Thanks to us, it will be easier to maintain impeccable contact with clients and contractors or interactions between the functions in the organization.
As part of our service:
We will identify key organizations’ processes.
We will help to simulate the operation of new processes.
We will help to establish measures to monitor the effectiveness of the process and their business owners.
We will conduct a review of the processes and their classification and illustrate the links between them.
We will identify areas of improvement and model a new process together with a proposal to improve it and highlight appropriate internal control elements.
We will support in the selection of a technology and supplier suitable for the automation of document management or decision workflows.
The above help each organization significantly improve business continuity, Contract Management, security and compliance with the GDPR.
We will create a general model of processes for the entire organization or its selected area as well as detailed maps, i.e. define the inputs, outputs, measures and actors for individual process steps along with descriptions and dependencies.
Process documentation will also allow for the creation of Standard Operating Procedures, i.e. instructions’ manual. Thanks to this, new people will adopt easier to their duties or while replacing others during the absence of a given employee and tasks will be easier to manage. In addition, knowledge will remain in the organization in a situation when for some reason there will be organizational changes in the company.
We will help with IT systems and information security in the field of personal data processing and contract management.