PLA - GDPR analýza

PLA, state enterprise


GDPR Impact Analysis for PLA

Who is a client

The Elbe River Basin (PLA) provides river basin management, which means the management of significant watercourses, activities related to the detection and assessment of surface and groundwater status in the Upper and Middle Elbe river basin and on the Elbe River itself under the confluence with the Vltava River state border, and other activities. Organizationally, the PLA is divided into headquarters and 3 factories with a total staff of 900.

Client's point of departure

With regard to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the client required an analysis of the impact of the GDPR on the State Enterprise. The analysis required:

  • Analyze the current status of privacy.
  • Identification of GDPR processing of personal data.
  • Drafting of internal rules on personal data protection.
  • Perform training for persons responsible for the protection of personal data.


How the analysis takes place

  • At the introductory meeting, we informed the client of the GDPR Regulation, the audit process, and the time requirements for PLA employees.
  • The client has submitted the required documentation (internal regulations, list of systems and applications)
  • Several managed interviews were conducted to implement the data inventory (data and physical documents)
  • We have processed and submitted draft internal rules.
  • In cooperation with the client, we have developed a risk analysis of the loss of personal data.
  • An e-learning course has been launched to familiarize responsible GDPR staff and new PLA privacy processes.
  • Physical security on-site personal data has been investigated
  • We have submitted an audit report and records on the processing of personal data
  • There was a discussion, the message was modified and supplemented.
  • The audit was completed in 2 months. Performance time has affected the workload of responsible PLA workers.


Claims on client

  • Required knowledge of contact persons:
    • knowledge of the IT environment
    • knowledge of processing in individual systems (guarantors)
    • knowledge of organizational regulations and business organization
  • Interview time (about 60 hours in aggregate for all participating workers in managed interviews).
  • Time to gather required documentation (man hour units).
  • Time to complete required information during a data audit (about 10 hours per hour).


The key benefits of the client's eyes

  • Knowledge of the GDPR regulation, including appropriate application to the business environment.
  • Ability to quickly orient in business processes (analytics).
  • A concise overview on how to comply with the individual chapters of the GDPR Regulation.
  • Drafting an internal privacy policy.


Ensuring compliance with GDPR is a service suitable for all businesses and organizations.

More about GDPR compliance