Practice area

GDPR - audit, rollout and monitoring

End-to-end GDPR / RODO compliance services for businesses in Poland: audit, documentation, rollout and ongoing monitoring of your data security posture.

What is GDPR?

A regulation that applies to every business

The General Data Protection Regulation - Regulation (EU) 2016/679 of 27 April 2016 - has applied across the European Union since 25 May 2018. It covers every entity that processes the personal data of natural persons, from sole traders to large corporations.

GDPR compliance is not a one-off project - it is an ongoing process covering documentation, training, technical and organisational procedures and periodic audits. Inadequate data protection can mean administrative fines of up to €20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher.

Our method

Four stages of GDPR implementation

A proven procedure we've been running since 2018 for clients in e-commerce, hospitality, healthcare and manufacturing.

1. Legal & IT audit

We identify your data sets, processing activities, legal bases and technical risks. The output is a report listing every gap to close.

2. Recommendations

Policies, internal rules, privacy notices, data processing agreements, records of processing and incident response procedures.

3. Rollout & re-audit

We deploy the recommendations (technical and organisational), then re-audit 4–6 weeks later to confirm GDPR compliance has been achieved.

4. Ongoing monitoring

Quarterly security tests, documentation updates and continuous advisory so GDPR compliance becomes a permanent standard, not a one-off project.

Controller obligations

What every business must have in place

The most common gaps we see during audits. Each of these is covered as part of a complete GDPR implementation with Kiran.

  • Appoint a Data Protection Officer (DPO) where required (Art. 37: public authorities, large-scale regular and systematic monitoring of individuals, or large-scale processing of special-category or criminal-conviction data)
  • Record of Processing Activities (RoPA)
  • Privacy notices for customers, employees and contractors
  • Personal data protection policy and IT security procedures
  • Data processing agreements with subcontractors
  • Data breach notification procedure: notify the supervisory authority without undue delay and where feasible within 72 hours of becoming aware of the breach (Art. 33), and notify affected individuals without undue delay where the breach is likely to result in a high risk to them (Art. 34); keep an internal log of every breach, including those not notified
  • Staff training and proof of competence via a final test

GDPR - frequently asked questions

What is GDPR (RODO in Polish)?

GDPR - General Data Protection Regulation (EU) 2016/679 of 27 April 2016 - has applied across the EU since 25 May 2018. It sets a single European standard for processing personal data.

Does my company need to be GDPR compliant?

Yes. GDPR applies to every organisation that processes the personal data of natural persons - regardless of size, legal form or industry. That includes customer, employee and supplier data.

What are the penalties for non-compliance?

Administrative fines can reach up to €20 million or 4% of total worldwide annual turnover for the preceding financial year - whichever is higher (Art. 83(5)). The lower tier of sanctions is €10 million or 2% of turnover on the same basis (Art. 83(4)), and applies for example to breaches of controller and processor obligations such as records of processing, security of processing and breach notification.

How long does a GDPR implementation take?

Typically 4–8 weeks depending on company size and the number of processing activities. The project covers audit, recommendations, rollout and a final re-audit.

Do you serve clients across Poland?

Yes. Legal audits and rollout can be delivered remotely. On-site visits are available in Warsaw, Pruszków and the wider Mazowieckie region - and across Poland on request.