Preparation of companies for GDPR Preparation of companies for GDPR

A new law on personal data protection brings better control for citizens over their data, high demands on companies to meet the standards of the law and threat of a penalty of half a billion.

Since 25 May 2018, the GDPR has been the official data protection law in all EU states, overriding national legislation.

We will help you prepare for the GDPR and take care of the smooth conduct of compliance with this law.

What audits and consultations do we offer?

  • Analysis of the current state of company security
    Based on the workshop and subsequent analyses (GAP analyses, Business Impact Analyses, Data Protection Impact Analyses, etc.) we will help you identify critical points of your corporate security and assess the level of security risks.
  • Ensuring technical and organizational measures of personal data protection for your company
    Based on the information obtained, we will recommend procedures and protocols that need to be put in place to ensure organizational arrangements for personal data. We will also help with the proposal of changes to the company's information system so that it complies with the Data Protection Act. Last but not least, we can also test the security of your corporate IT to help identify vulnerabilities on corporate PCs, servers and entire IT infrastructure.
  • DPO outsourcing (required roles of data protection inspector)
    If your organization systematically processes personal data, the company will be required by law to play the role of Data Protection Officer. The vast majority of companies do not need a full-time person for this role, but they also cannot use, for example, an IT director to avoid conflicts of interest. Aira GROUP offers the opportunity to outsource the function of data protection inspector to our specialist and thus save the company the cost of its employees.

I am interested in

Arrange a free consultation contact us



GDPR (General Data Protection Regulation) is a European Union regulation on the protection of personal data that was put into effect on 25 May 2018. It applies to all organizations that process personal data of citizens in the European Union, ie almost every company. It is the world's toughest and most comprehensive standard for the protection of personal data. Once the GDPR is put into practice, European citizens will have more control over everything that happens to their data.

GDRP applies not only to companies but also to individuals and online services that process user data. Uniformity of the standard throughout the European Union ensures universal applicability across countries. In addition to the EU, it also covers Norway, Liechtenstein and Iceland. This uniformity is advantageous and ensures no adjustments within individual states for the possible needs of specific interest groups.

Why such novelties? The European legislation currently in force is from 1995, so it is outdated and does not reflect, for example, the use of social networks, cloud storage and other technologies.

What changes are the most important?

  • There are significantly larger penalties of up to € 20 million (CZK 540 million) or 4% of worldwide turnover (whichever is higher).
  • Sanctions will be the same in all participating countries, and supervisory cooperation will be reinforced.
  • The standard will have an impact on all organizations that handle personal data of European Union citizens. For example, those who are employers in the EU or offer services or products.
  • It will be mandatory to report a data breach immediately, no later than 72 hours after detection.
  • In organizations that systematically process personal data, the role of the Data Protection Officer will be required.
  • Companies will be fully responsible for the functioning of technical and organizational measures related to data protection.
  • Every company must formulate with clarity a request for consent to the processing of personal data.
  • Everyone has the right to access to data which has been collected concerning him or her. Every data subject has the right to erasure and to be forgotten unless this applies to cases where the collection of such data is required by law.
  • The definition of personal data will be expanded. With GDPR, this information will be, for example, an e-mail address, IP address or cookie on a specific user's device.

What data will you need to protect in your organization?

  • Data on employees (name, telephone, address, date of birth,…).
  • Data on customers/citizens/patients (marketing databases of contacts, customer lists, patient health cards,…).
  • Data on business partners and suppliers (non-public personal data of suppliers).
  • Personal data transferred for processing to third parties (payroll accountants, direct marketing, credit registers).


Write your questions or leave us a phone number. We will be happy to contact you.
Processing of personal data

By filling in your personal data, Aira Group s.r.o. with its registered office at Vratislavova 57/1, 12800, Praha 2, IČ 25682598, will become the administrator of your personal data. Upon the legal title of the consent, we register Email, Name, Surname, Telephone, until the revocation of consent. We process this data to assess whether the service will be provided.

Your rights
You can object to this processing and request the rectification of the personal data provided, request information on what your personal data we process, or request the deletion of personal data, if possible. If automated processing takes place, you have the right to data portability and not to be the subject of a decision based on that decision. If you have given us consent to the processing of your personal data, we will inform you that you can revoke this consent at any time and it is the administrator's responsibility to delete this data and not further process it. Revocation of consent does not affect the lawfulness of processing based on the consent given before its revocation. It is your right to lodge a complaint with the supervisory authority (Office for Personal Data Protection) against this processing. With your requests, you can contact email or the headquarters of our company: Aira Group s.r.o, Vratislavova 57/1, 12800, Prague 2

Our company has appointed a Personal Data Protection Commissioner. In case of any doubts, you can contact him by email at by phone at 283 850 031, or contact us at the address of our company.


Cookie lišta 2022

Cookies lišta v roce 2022: Jak si s novelou zákona o elektronické komunikaci poradily velké české weby?

Od 1.1.2022 platí novela zákona o elektronické komunikaci a týká se také využívání cookies. O čem konkrétně je řeč a jak si s novou podobou cookies lišt poradily nejznámější česk...


Internet v číslech za rok 2017

51,8% z veškerého internetového provozu na stránkách pochází z robotů, zatímco číslo 48,2% zastupuje skutečné lidské uživatele. No, internet má prostě pořádně nakročeno do větš...

chci jít na blog