Simple & cost-optimal GDPR outsourcing

We will do for you everything that usually sounds complicated and incomprehensible. We will explain complex processes and detailed reports, and help you implement them.


Personal data protection and information security have a direct impact on the safety of the people who make up your business.

Why is it worth working with ODO 24?

  • Work with experts
  • Our experts are market leaders in the field of personal data protection and information security, and are the authors of numerous publications in this field.

  • Be satisfied with your choice
  • Over 1,000 clients have already benefited from our services. Our offer is constantly enriched to fully satisfy our customers.

  • Perform efficiently
  • Many years of practice have allowed us to develop effective and reliable solutions, dedicated to various industries.

  • Cut costs
  • Outsourcing the area of personal data protection and information security saves significant financial resources related to the employment of 2 specialists: an expert in the field of law and an expert in the field of IT.


Professionals behind the services of ODO 24

We create a multi-disciplinary team that will satisfy the needs of even the most demanding customers.

Maciej Kaczmarski, Chairman of the Board
Tomasz Ochocki, Expert Team Leader
Paweł Radecki, Compliance Expert
Katarzyna Szczypińska, Data Protection Expert

Why is it worth switching to ODO 24 GDPR outsourcing?


Saving employees' time

ODO 24 takes over the performance of complex tasks related to the protection of personal data and information security. Thanks to specialization, we perform tasks quickly and efficiently.


Reduction of training costs

Our consultants have extensive knowledge, as they deal only with the field of personal data protection and information security. Their knowledge is constantly updated and confirmed by renowned certificates, e.g. ISO 27001 and ISO 22301 lead auditor certificates.


Specialized tools

When providing advisory services, we use specialized tools, such as software that supports audit activities and is used to manage the personal data protection system (Dr GDPR application, ODO Navigator application). We use algorithms that are based on recognized standards and facilitate risk analysis as well as the assessment of personal data breaches. We provide tools to our clients.



ODO 24 has a dedicated third party liability insurance policy, which covers both formal and legal consultancy and IT consultancy. The extended scope distinguishes the ODO 24 policy from typical professional policies covering only legal services.



We use international standards and guidelines


Implementing a privacy and personal data protection system

ISO/IEC 27001

Information technology - security techniques - information security management systems

ISO/IEC 29134

Information technology - security techniques - guidelines for assessing the impact of processing

ISO/IEC 27701

Privacy information management system

ISO 31000

Risk management - rules and guidelines

ISO/IEC 27005

Information technology - security techniques - risk management in information security

ISO 19011

Guidelines for auditing management systems


Project management methodologies

Contact details

Use the contact form or contact one of our consultants. We will contact you within max. 24 hours. In practice, it is 1-2 hours on working days.

Cezary Lutyński

phone: +48 690 957 609, 22 740 99 96

Marcin Kuźniak

phone: +48 690 957 665, 22 740 99 96

How can we help you?

The administrator of your personal data is ODO 24 sp. z o.o. with its headquarters in Warsaw (03-812) at ul. Kamionkowska 45. Your personal data will be processed for the purpose of preparing, sending and archiving the commercial offer. More information on the processing of your personal data can be found in the Privacy Policy.



Thanks to the GDPR compliance audit, you will learn to what extent the organization meets the requirements of the GDPR and what actions you should take to fully comply with it.

Scope of audit in the formal and legal area

  • Analysis of applicable policies and procedures for the processing of personal data.
  • Implementation of the rights of data subjects, among others in terms of: the right to access personal data, the right to rectify and delete data, the right to be forgotten, the right to limit processing, the right to transfer data, the right to object, the principles of automated decision making in individual cases.
  • Analysis of personal data processing in relation to which the organization is a data controller, among others in terms of: lawfulness of processing, fulfillment of the information obligation for data subjects, regulation of entrusting data for processing, rules for transferring data to third countries or international organizations, taking into account data protection at the design stage and their default protection.
  • Analysis of the processing of personal data, in relation to which the organization is a processor.

Results in the formal and legal area

Reliable and documented assessment of compliance with the GDPR - audit report for your organization.

Precise recommendations to remedy possible deficiencies or shortcomings in clauses, statements, registers or procedures.

Proof for the President of the Personal Data Protection Office that you regularly evaluate the effectiveness of organizational data protection measures.

IT Audit

The unlimited reach of the Internet, as well as the global dispersion of online service providers, makes us lose control over our data. Ensuring the security of all information held by your company is a challenge that requires thoughtful action.

Scope of IT audit

  • Verification of the applied mechanisms of access control to information systems.
  • Analysis of the adequacy of the applied physical protections with particular emphasis on the server rooms, archives, HR department, IT department and accounting.
  • Verification of the authorization management process.
  • Verification of the backup copy management process.
  • Examination of the security of computer stations, mobile devices, carriers and other equipment.
  • Checking the communication security in the LAN/WAN network.
  • Verification of the documentation of ICT and physical security.
  • Checking the level of knowledge and awareness of the organization's employees.

Results in IT area

Reliable and documented assessment of the organization's compliance with GDPR - audit report.

Precise recommendations to ensure safety and the ability to execute the rights of data subjects within information systems.

Proof for the President of the Personal Data Protection Office that you regularly evaluate the effectiveness of organizational data protection measures.

Risk Analysis and Data Protection Impact Assessment

Risk analysis (Article 32 of the GDPR) and data protection impact assessment (Article 35 of the GDPR) are the heart of the personal data protection system. Thanks to them, you will learn whether the security measures which have been applied are sufficient and what risks your business generates for the people who have entrusted you with their personal data.

Scope of the risk analysis and data protection impact assessment

  • By performing a risk analysis for the resources involved in your processing operations, you meet the technologically neutral requirements of the GDPR. In other words, you create something more than just "paper" security.
  • Furthermore, we will assess your processes in terms of risks related to the processing of personal data. For the processes which are associated with high risk, we will carry out a DPIA.

Results of risk analysis and DPIA

Reliable analysis of business processes in terms of the need to conduct a data protection impact assessment (DPIA).

DPIA for processes that require it.

Risk analysis for resources involved in the implemented business processes.

Preparation of data protection documentation

Personal data protection documentation defines the principles according to which an organization manages the personal data. By providing employees with knowledge of the expected methods of processing personal data, it protects against threats arising from the ignorance or carelessness of the staff.

The processing procedures and data protection policies will include:

  • personal data protection policy,
  • IT resources management manual,
  • procedure for managing data processing rights and registering these rights in the IT system,
  • policies: data protection by design, data protection by default,
  • breach management policy,
  • procedure for conducting a data protection impact assessment (DPIA),
  • procedure for the selection of a processor together with a model agreement on entrusting data processing,
  • a register of processing operations and a register of all categories of activities.

ODO 24 actions

Making appropriate changes to documents to ensure that all documentation is complete, consistent, and non-contradictory.

Removing redundant or duplicate records and placing the appropriate records in the appropriate documents.

Developing or updating missing procedures and policies in accordance with the recommendations of the President of UODO.

Process modeling

When designing its processes, an organization determines, among others, the purposes of the processing, the scope of data necessary to achieve them and the duration of processing, and provides the necessary information to data subjects in a clear and transparent way.

We will help you with process modeling, among others:

  • define the appropriate legal basis for the processing,
  • divide duties between the various co-administrators and prepare an appropriate agreement in this regard,
  • prepare a consent clause for processing personal data,
  • define the scope of personal data adequate for the purpose of processing,
  • develop mechanisms for updating data,
  • prepare clear information obligations for data subjects,
  • define the correct processing time for personal data for a given process,
  • enter into an entrustment agreement that is secure and beneficial for you.

ODO 24 actions:

Support during the design or implementation of changes to ongoing processing (e.g. by developing the necessary statements and disclosure obligations).

Support during the establishment of cooperation with the processor (examination of applicable security measures, preparation and negotiation of the entrustment agreement).

Support during the process of transferring personal data to third countries or international organizations.

Day-to-day support

Day-to-day supervision, consultation and monitoring of the processing of personal data.

  • Monitoring of compliance with the GDPR, other Union or Member States' data protection laws and the controller's or processor's policies on the protection of personal data.
  • Informing and advising the controller, the processor and employees who process personal data, about their obligations.
  • Supporting you throughout the breach management process.
  • Liaising with the supervisory authority and acting as the contact point on matters related to processing, including prior consultation.
  • Data subjects may contact the data protection officer on all matters related to the processing of their personal data and to exercising their rights under the GDPR.
  • As part of the preparation for the audit of the President of UODO, we will conduct an IT and legal audit of the part of your organization that will be subject to the control.
  • With the support of experienced lawyers, you will gain confidence and control over the correctness of the audit and support for your organization's staff.

ODO 24 actions

Maintaining compliance in the legal and IT areas.

Legal and IT support.

Handling data breaches.

Contact with data subjects.

Cooperation with the PUODO.

Preparation for inspection.

Guarantee of participation in the control activities of the PUODO.


Free forms of training

With ODO 24 e-learning, employers save hundreds of man-hours for their employees. The scope of the online training is tailored to the needs of employees on the given position. Employees get only the content that applies to them.

3 smart types of e-learning

We are the only company in the market that offers three trainings to choose from: training "in a nutshell", extensive "meritum" and interactive "premium". They differ in the portion of knowledge and time needed to complete the training (respectively 30, 45 and 60 min.).

Knowledge tests, certificates and authorization

Each participant of the e-learning, after passing the test, receives a certificate confirming completion of the training and authorization to process personal data.

Results of ODO 24 e-learning

After the extensive training, the participants will know, among others:

what are the most important concepts in the area of personal data protection, the legal grounds for collecting personal data and the principles of information protection,

how to report breaches of personal data protection,

what is the essence of a data protection impact assessment (DPIA).