Personal data protection and Consumer protection

The widespread use of technology by consumers generates a series of data that represent in fact opportunities for companies to understand the needs of their customers, to develop new products and services better suited to their customer’ needs, to personalize marketing, but also represent responsibilities to keep the consumer data safe.

 

Consumer data have the capacity to transform the activities of companies, and in their turn, the companies have the obligation to comply with the legal provisions regarding the personal data protection and consumer protection and the companies are responsible for the management of the data they collect. Failure to comply with the legal provisions entails several risks including sanctions from the authorities, costs, damages, including image damages and loss of customers.

 

By using legal services, the companies understand their responsibilities, are ensuring compliance with relevant legislation in structuring products and services, as well as in expanding and internationalizing their activities, they can mitigate risks thus ensuring stability and predictability in their activities.

 

NewLegalWay provides legal advice on Personal data protection and Consumer protection regarding the following aspects:

 

Personal data protection

 

• Consultancy regarding personal data processing, analysis of the type of personal data , the basis for the processing (lawfulness of processing), the purposes of the processing, the data transfer, the rights of data subjects and the exercise of these rights;

 

• Consultancy on privacy by design and privacy by default in Software Development projects (applications, systems, contact data centers, for more details see the section Technology and Intellectual Property;

 

• Consultancy on Blockchain projects (privacy by design, analysis of purposes and means of the processing, governance system, consensus mechanism, pseudonymisation and anonymisation, data encryption and application of the hash cryptographic function and other aspects regarding controllers) for more details see the Technology and Intellectual Property section;

 

• Consultancy on projects for outsourcing data storage in the Cloud or operational activities to cloud service providers (terms and agreements on personal data processing, data security and confidentiality in the cloud, data encryption aspects, data availability) for more details see the Technology and and Intellectual Property section;

 

• Consultancy regarding the obligations of controllers, joint controllers, processors and the agreements concluded between them (agreements between controllers and processors; agreements between joint controllers);

 

• Advice on consent of the data subject for the processing of personal data (methods of obtaining the consent and its validity in certain circumstances, the burden of proof of obtaining a valid consent, clauses on consent in various types of agreements);

 

• Drafting and amending internal procedures on GDPR (the general policy for personal data processing, the policy regarding the evidence of the processing activities, the policy regarding the retention of the personal data, the procedure regarding the management of the persons’ queries, the policy for anonymous and pseudonymous data, the policy regarding the security of personal data, the procedure for the breach’s notification);

 

• Advice on personal data security, confidentiality, integrity, availability and ongoing resilience of systems;

 

• Drafting templates for consent forms, for responses to requests, queries from data subjects and amending controllers’ agreements with their business partners;

 

• Drafting and negotiating agreements on personal data processing (DPAs) between controllers and processors;

 

• Consultancy on the legitimate interests of controllers and establishing flows for personal data protection;

 

• Training addressed to the employees of the companies related to the protection of personal data and drafting informative documents for the employees;

 

• Drafting notices addressed to certain categories of data subjects (e.g. employees, candidates, customers, visitors, etc.);

 

• Drafting Non-Disclosure Agreements (NDAs) with contractual partners who have access to personal data;

 

• Consultancy regarding the registers of data processing activities;

 

• Advice on GDPR compliance regarding various marketing activities (communications, consent, security incidents regarding online business communications) and digital platforms;

 

• Consultancy on traffic and location data, online profiling (use of cookies to provide advertising based on user profile, interest-based advertising (IBA), online behavioral advertising (OBA), sending advertising messages on the phones of customers in the proximity of shopping centers, offering personalized financial products), for more details see the Advertising and Media section.

 

Consumer protection

 

• Drafting responses to consumer complaints submitted with the National Authority for Consumer Protection (ANPC) and representing companies before the ANPC (especially in cases of telecommunications and banking services regarding abusive clauses);

 

• Legal advice on various aspects of consumer protection by: inserting specific clauses in the sale-purchase and service agreements, by developing internal procedures for solving consumer complaints, establishing a procedure for cooperation between the contracting parties in case of complaints;

 

• Drafting documents for the implementation of advertising campaigns regarding new products and new services, for more details see the Advertising and Media section;

 

• Legal advice to credit institutions and insurance companies on consumer protection issues, both in terms of credit products and in terms of insurance products.