ODO 24 services – our mission
Our mission is to build safe working environments that ensure full compliance with regulations and cyber resilience. By choosing ODO 24, your organisation gains not only professional support, but also peace of mind that challenging topics are in the best hands.
Scope of GDPR services in the IT sector
Data security in IT services – business case
The IT industry, including software houses and outsourcing companies, often acts as a data processor on behalf of clients – which entails a high level of responsibility under the GDPR. Challenges range from correctly entering into data processing agreements to ensuring technical data security in projects carried out for various industries. The ambiguous role of the controller and processor, the lack of clear access matrices and, in the case of outsourcing, the difficulty in ensuring consistent security standards across geographically dispersed teams can also be problematic.
ODO 24 led the implementation of the GDPR in software houses, DevOps companies and IT service providers operating on both the Polish and international markets.
We helped structure client relationships through model data processing agreements, built internal accountability models, implemented data protection policies in development environments and provided technical training to project teams. We also supported a game developer and analysed player profiling issues. As a result, companies increased their maturity in data management, minimised regulatory risks and strengthened their position as trusted suppliers. We also worked out a unified software sales model together with maintenance services. When serving software houses and IT outsourcing clients, we focused on regulating data processing agreements with data controllers. We also jointly developed information on the technical and organisational measures used, which allowed our clients (processors) to avoid repeatedly completing security questionnaires.
We serve or have served, among others, Posiible, intive GmbH, Schibsted, KBJ S.A., LIZARD MEDIA SOFTWARE HOUSE Sp. z o.o., ENSIS TECHNOLOGY Sp. z o.o., PROGRESO.PL Sp. z o.o., PREDICTIVE SOLUTIONS Sp. z o.o., DS. Stream sp. z o.o., ELITMIND sp. z o.o., TRANSACTIONLINK sp. z o.o., InsERT S.A.
The IT industry, including software houses and outsourcing companies, often acts as a data processor on behalf of clients – which entails a high level of responsibility under the GDPR. Challenges range from correctly entering into data processing agreements to ensuring technical data security in projects carried out for various industries. The ambiguous role of the controller and processor, the lack of clear access matrices and, in the case of outsourcing, the difficulty in ensuring consistent security standards across geographically dispersed teams can also be problematic.
ODO 24 led the implementation of the GDPR in software houses, DevOps companies and IT service providers operating on both the Polish and international markets.
We helped structure client relationships through model data processing agreements, built internal accountability models, implemented data protection policies in development environments and provided technical training to project teams. We also supported a game developer and analysed player profiling issues. As a result, companies increased their maturity in data management, minimised regulatory risks and strengthened their position as trusted suppliers. We also worked out a unified software sales model together with maintenance services. When serving software houses and IT outsourcing clients, we focused on regulating data processing agreements with data controllers. We also jointly developed information on the technical and organisational measures used, which allowed our clients (processors) to avoid repeatedly completing security questionnaires.
We serve or have served, among others, Posiible, intive GmbH, Schibsted, KBJ S.A., LIZARD MEDIA SOFTWARE HOUSE Sp. z o.o., ENSIS TECHNOLOGY Sp. z o.o., PROGRESO.PL Sp. z o.o., PREDICTIVE SOLUTIONS Sp. z o.o., DS. Stream sp. z o.o., ELITMIND sp. z o.o., TRANSACTIONLINK sp. z o.o., InsERT S.A.
GDPR and cybersecurity – challenges for the IT and outsourcing industries
IT companies developing software and providing DevOps, maintenance or outsourcing services often have direct access to customer data, their systems, infrastructure and production environments. In such a role, they typically act as data processors, which brings obligations under the GDPR – including compliance with data processing agreements, data protection and documented compliance.
However, in practice, compliance alone is not enough. What becomes crucial is the real implementation of cyber security principles – access control and segmentation, data encryption, environment monitoring, backups and readiness to respond quickly to incidents.
In an industry where the customer relationship is based on trust in technical competence and security, cyber resilience is not just a standard – it is a competitive advantage. For software houses and IT service providers, it is a prerequisite for participating in projects with a high degree of confidentiality and responsibility for data.
We use recognized international standards.
This is how you recognize quality
We use recognized international standards. This is how you recognize quality
CIPM
Implementation of privacy and personal data protection system
ISO/IEC 27001
Information technology - Security techniques - Information security management systems
ISO/IEC 29134
Information technology - Security techniques - Guidelines for data protection impact assessment
ISO/IEC 27001
Privacy information management system
ISO 31000
Risk management - Principles and guidelines
PRINCE2 and SMC™
Project management methodologies
ISO 19011
Guidelines for auditing management systems
ISO/IEC 27005
Information technology - Security techniques - Information security risk management
Looking for solutions tailored to the IT and outsourcing sector? We invite you to work with us!
What our customers say about our services
Marcin Wieczorek
„I am very impressed with the high level of substantive expertise of the training staff"
From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.
Magdalena Węglewska
„We can wholeheartedly recommend ODO 24 as a professional and reliable partner"
For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers,” developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.
Agnieszka Karłowicz
„A practical approach, continuous advisory availability, and positive working relationships"
We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.
Tomasz Siwicki
„I recommend the company ODO 24 as a professional partner"
For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.
Opinion of the participants
Opinions4.9
(173)
(173)
Tomasz G.
2 years ago
I wanted to thank you for the wonderful training I've had at your company, the materials were very well prepared, and the instructor has shown tremendous knowledge and experience.
Aleksandra P.
2 years ago
Training at a very high level, I highly recommend!!! Training materials very useful in everyday work.
Sławomir M.
2 years ago
Mrs. Mecenas, it was an honor to be able to take part in this training, and thank you very much for your professional approach and valuable practical guidance.
Wacław T.
3 years ago
The IOD course organized by ODO24 has met all my expectations, a very practical approach, concrete examples and professional support.
Maria K.
1 year ago
The training was conducted in a way that was understandable even to those without previous experience in this field.
Piotr N.
10 months ago
Very good training, a lot of practical examples, a little bit too little time to ask questions, but overall I'm satisfied.
Anna W.
8 months ago
A professional approach, a great atmosphere during the training, the instructor answered all the questions thoroughly, and I highly recommend ODO24!
Jan K.
1 year ago
It's the best personal data protection training I've ever had, specific examples from real life, not just a dry theory, I recommend it to anyone who works with GDPR.
Katarzyna J.
6 months ago
The training meets my expectations. A lot of practical knowledge, good materials. The only drawback is too much group, so less time for individual consultations.
Michał L.
4 months ago
Excellent training! A very competent conductor with vast experience. Everything explained in a clear and understandable way. The training materials are very useful.
Joanna D.
3 months ago
I recommend ODO24 training to anyone seeking a sound knowledge of the field of ODO: professional service, excellent organisation and excellent teaching facilities.
Andrzej S.
2 months ago
Sometimes the pace was a little too fast, but the conductor was happy to return to the topics discussed earlier at the request of the participants.
GDPR in IT services – questions and answers
How much do GDPR services cost for IT companies and software houses?
The cost depends on the scope of data processing, models of cooperation with clients (outsourcing, design, maintenance) and the size of the team and tools. We offer packages tailored to software houses, DevOps firms, IT outsourcing companies and SaaS providers. We prepare individual quotations after analysing the structure and type of processing.
What GDPR issues most commonly occur in IT companies?
The most common are lack of clear controller–processor roles, undocumented data processing engagements, overly broad developer privileges and lack of access matrices. There is often a lack of transparency in B2B contracts and inadequate security for test environments.
Does a software house also have to implement the GDPR if it works solely on a client's instructions?
Yes – even as a data processor you are obliged to ensure compliance with the GDPR, secure the data and put in place appropriate agreements. We help organise the documentation and the rules of cooperation with clients in accordance with the regulations.
Which data are most sensitive in IT and development services?
These are data entrusted by clients (e.g. application users' data), employee data, test data, system log data and technical information stored in production and staging environments. There is also high risk when using cloud services without explicit oversight.
Does the GDPR also cover data processed by our applications on clients' systems?
Yes – responsibility depends on the role you perform, but you must ensure compliance with the GDPR regarding security, data processing agreements and the processing of data. We implement solutions that take into account B2B, SaaS and outsourcing models.
Will GDPR implementation slow down our development teams and project work?
No – our approach is technical, practical and adapted to the realities of agile working. We can integrate GDPR requirements with current DevOps and SDLC processes without stopping sprints.
Does ODO 24 know the specifics of software houses and outsourcing firms?
Yes – we have worked with IT companies delivering projects in Poland and abroad, application providers, white-label service providers and suppliers of outsourced specialists. We know the realities of the daily work of technical and project teams.
Can I take advantage of a free initial consultation?
Yes! We offer a free consultation for IT companies – we will help identify risks, clarify responsibility for data and design secure, GDPR-compliant solutions in your processes and products.
Our greatest value is the trust of our customers.
How can we help you?
Write or call, we will find a solution
