Data protection and cyber security

Modern management in today’s business world is data management.

Our team has extensive regulatory experience in this area, including cross-border matters covering the full spectrum of legal services.
We’ll outline how to balance the free flow of information and the need to be open to the world as well as to protect your data and the privacy of your employees and customers.

Our team is familiar with European data protection legislation and we are ready to help in case of data breaches and hacker actions.

We can advise you on the issues of day-to-day data protection work and their management – from staff data and medical records to patient management, to restrictions on outsourcing and record retention requirements, to dealing with data breaches or cyber-attacks.

An efficient way to ensure compliance with data protection regulations and to build customer trust through transparency is to certify your IT products or IT-based services through Low Print Confidence (EuroPriSe). Our legal and technical experts can carry out the necessary assessment for your certificate.

We offer packages of legal services that include:

  • Review of the specific business processes and preparation of a complete package of documents for the protection of personal data for commercial companies in a wide range of industries – tourism, pharmacy, medical practices, IT, e-commerce, etc.;
  • Consents, personal data processing agreements and other applicable documents;
  • Impact assessment on personal data protection;
  • Inventory of personal data processing processes (data mapping);
  • Analysis and preparation of a report on the degree of compliance with GDPR (Gap analysis);
  • General terms and conditions for internet sites and electronic stores;
  • Clauses in commercial and employment contracts for the protection and processing of personal data;
  • Documents and protection when transferring personal data to third parties;
  • Documents for processing personal data for marketing purposes;
  • Registration of personal data administrators;
  • We provide a comprehensive service as a responsible person;
  • Legal assistance in cases of data security breaches and notifications of security breaches;
  • Representation before the Bulgarian Commission for Personal Data Protection;
  • Drafting anti-money laundering rules and procedures and “Know Your Customer” documentation that comply with the requirements of the law, but will not create an administrative burden on their implementation;
  • Determining the actual owners of the company and providing the information to the registers.


“For me, for my partners and colleagues, one thing always remains true about AD “Toncheva and Partners” – the feeling of security, peace of mind, that we are in the right place and will receive the right advice.”

National Board of Tourism

Dr. Polina Karastoyanova, CEO

“Toncheva and Partners JSC has the necessary expertise covering all needs.”

Association AIBEST

Nora Ishkova, CEO

“I was impressed by the depth of the legal research and the comparative analysis they did between the Bulgarian legislation and the European framework for early childhood education and care.”

Foundation for children at risk around the world

Rositsa Bogalinska-Petrova, CEO