Services /

GDPR Compliance / GDPR Lawyer / GDPR Attorney

Discussing details

Why do you need to develop documents for GDPR Compliance?

To do business in Europe: sell goods and provide services.
To collect and process user data from the EU on the Internet.
To conclude contracts with clients and work with partners in the EU.
To hire employees from the EU.
To connect payment systems.
To publish and monetize IT products.
To get access to the data of European giants in Fintech, Biotech, Medtech, InsurTech, Real Estate Tech, TravelTech, and provide IT services.
To ensure the protection of personal data in organizing work with employees and contractors.

info@stalirov.lawyer 100 Overlook Center, 2nd floor, Princeton, New Jersey, 08540, USA

Ask an IT lawyer a question

Who should implement the GDPR?

Companies that have permanent or temporary representative offices in the EU
Companies that collect data from EU citizens
Companies that cooperate with organizations that have already implemented the GDPR

GDPR Compliance / GDPR Lawyer / GDPR Attorney в IT юрист STALIROV&CO 1

5 reasons for GDPR violation fines

There is processing of personal data without the permission of the owner.
Bank Innovasjon Norge was fined $95,500 for a non-contractual credit ability check. The bank analyzed financial data without the consent of the owners.
No measures have been taken to protect personal data.
Vodafone España paid a $100,000 fine. The company has taken no steps to avoid calling numbers from a list of customers who have opted out of advertising.
The users’ requests to provide or delete data are ignored.
Google paid a fine of $7,000,000. The corporation has not removed personal information from search results at the request of users.
The organization of Data Protection Officer’s work does not comply with the requirements of GDPR.
Proximus SA was fined $50,000. The company didn’t have a mechanism to prevent a conflict of interest with Data Protection Officer, who also held other positions (Head of Compliance and Audit).
There is informing the regulator about data leakage with delay.
Twitter paid $450,000 for not reporting the leak on time. Some private tweets may have been displayed in the public domain.

What documents do IT lawyers develop under the requirements of the GDPR?

Data Processing Agreement
We obtain consent from customers, employees, and partners to process the personal data.
Security Policy
We describe what security measures the company has implemented.
Data Breach Response and Notification Procedure
We determine the algorithm of actions in case of data leakage and the procedure for informing the regulator.
Personal Data Storage and Disposal Policy
We reveal where the information is stored and for how long.
Access level policy
We define roles: controller or processor and types of functional duties.
Instructions for employees on handling personal data
We explain to employees who is involved in the processing of personal data and the level of their responsibility.
GDPR Questionnaires
We undergo initial audits for the level of compliance with GDPR requirements by customers from the EU.
International transfer policy
We determine the conditions for transfer of personal information to other countries.
Privacy Policy and Cookie Policy
We obtain permissions to collect and store information about the behavior of users of IT products for marketing practices.

Facts

According to a study by the international law firm DLA Piper, from January 26, 2020, to January 27, 2021, GDPR fines increased by 40% and amounted to 158,500,000 USD. Data protection authorities registered 121,165 data breach notifications (19% more than in the previous 12-month period).

In 2020, Google was fined $50,000,000, H&M $35,000,000, and British Airways $22,000,000.

Cases from IT lawyers

The Stalirov&Co Team adapted the client's software product to GDPR requirements

We were approached by a company that developed a task manager used by German citizens. Therefore, an IT product must comply with the requirements of the GDPR.

For GDPR compliance IT lawyers:

conducted legal audit of the information with which the company works;
laid down a roadmap for the processing of personal data;
prepared contracts with a team of information processors;
developed 11 policies and procedures on privacy and personal data processing requirements;
turned to a certified organization in the EU to check for violations.

Latest cases

All cases

SIA Simata Software products and startups

The Stalirov&Co team has draw up Terms of Use and a Privacy Policy for SIA Simata, which is a platform with analytics and news about currency, stock and other securities markets

Our team described the functionality of the platform and disclaimers. We obtained from users permission to collect and use personal data for marketing purposes and warned about the Cookies usage.

Point2Web WEB studios and DIGITAL agencies

Subscriber maintenance for a marketing agency from the USA

The Stalirov&Co team developed a company structure in the US and opened a subsidiary in the EU. We drew up contracts with the team in Ukraine, Canada and Estonia and audited contracts with clients, advertisers and partners.

Youwex Software products and startups

The Stalirov&Co team has drawn up the User Agreement and the Privacy Policy for Youwex — freelancing, training and networking platform

IT lawyers connected the Fondy payment system and fulfilled e-commerce and consumer protection laws’ requirements. They explained how Youwex collect and process personal data under the GDPR.

Trivia Quiz IQ Brain mind game Software products and startups

We fulfilled App Store and Google Play requirements and described the way of game monetizing

Island 211 Software products and startups

Stalirov&Co team drew up Terms and conditions for simulation online game

IT lawyers met the requirements of publishers and payment system: defined monetization processes and set age limit for players.

Hypelitix Software products and startups

The Stalirov&Co team draw up the Terms of use and the Privacy Policy for a service that allows users tracking the Instagram influencers’ activity

IT Lawyers described the product features and wrote items on payment for services and refunds to fulfill the payment system requirements and connect it. We have met the CCPA/GDPR requirements to lawfully process public information from Instagram social network.

Songbook Software products and startups

The Stalirov&Co team formalised the Songbook musical content platform monetization

IT Lawyers drew up Terms of service for end users and wrote exclusive and non-exclusive licences to get the right to post and promote content.

Insurancehunter Software products and startups

We fulfilled CCPA and GDPR requirements for the platform where insurance companies' products are promoted

The Stalirov&Co team designs internal and external documents to comply with GDPR requirements.
We conduct primary audits of personal data processing activity in companies.
IT lawyers examine Data Processing Agreements that customers send to the company.
We help fill out the GDPR-questionnaires from customers from the EU.
Our team develops policies and contracts about processes in companies.
We perform the functions of a Data Protection Officer.
The Stalirov&Co company prepares the company for GDPR certification.
Our GDPR attorneys represent IT companies if disputes on personal data processing arise.

Conduct a GDPR audit