- consultations and trainings with regard to the rights and obligations of personal data controllers, personal data processors, and data subjects – in accordance with the relevant applicable laws, including the Bulgarian Personal Data Protection Act, the General Data Protection Regulation (GDPR), the Regulation on Privacy and Electronic Communications (ePrivacy Regulation), etc.
- drafting documentation – declarations, data transfer and data processing agreements, etc.
- requirements with regard to international (cross-border) data flows of personal data, assigning processing activities to third parties (subprocessors/vendors), etc.
- consent, legitimate interest, and other bases for the lawful processing of personal data
- right to erasure (right to be forgotten) and other requests by the data subjects
- notification of a personal data breach to the supervisory authority (data breach notifications), communication of a personal data breach to the affected data subjects
- implementation and maintenance of technical and organisational security measures with regard to the processing of personal data
- continuous supervision with regard to meeting the relevant obligations of the data controllers and data processors (compliance)
- drafting and maintaining documentation pursuant to the accountability principle (records of processing activities, etc.)
- drafting and updating of privacy policies (privacy notices) and cookie policies