GDPR Compliance - Head Office

Bring the Privacy Policy in your company by trusting the experts of Kreston BulMar.
With our special service every company can rapidly implement it and afford it!

On May 25, 2018 the General Data Protection Regulation, known as the GDPR entered into force. It does not matter whether you are registered as a personal data administrator or have the capacity of a processor -EVERY BUSINESS WHO WORKS WITH PERSONAL DATA OF INDIVIDUALS IS OBLIGED TO COMPLY WITH THIS REGULATION. Every company needs to analyze its processes related to the processing of personal identification information, assess the risk of data protection, and implement the necessary procedures for their processing and protection.

What Our Service is?

As a responsible consulting company, we at Kreston BulMar have set up a large GDPR team and put in a huge resource to thoroughly study the Regulation and all guidelines and instructions for its implementation given by the European Commission's special working group. This allowed us to overcome all the inherited myths regarding GDPR and to create an understanding of what is necessary as a minimum and what is sufficient to make a small, medium or large business meet the requirements of the Regulation.

We understand that in order to put in place new rules in a company, they need to be illustrative, concise, clear and easy to apply. That is why we have made a huge effort to develop a model for simplified policies and procedures that are well illustrated so that each company can quickly implement them into their business by easily and quickly training all employees who will have to apply them.

For even greater ease, for each company, we adapt the Quick Start Manual, through which each employee can quickly be trained over the entire data processing and data protection system, and then easily recall what needs to be done on each individual procedure. You can see below how we illustrate the procedures that will have to be followed with you.

We‘ve made all that because if you have just a few procedures that people do not understand and do not apply, it means that the probability of a personal data protection problem to occur is great, and the likelihood of being imposed a penalty is also very high.

Project Phases

1. Conducting an interview to analyze processes that are related to personal data processing within your business. 1-2 working days from
the start of the service
2. Assessing your company's GDPR compliance and concluding on the necessary policies, procedures and documents that should be applied to your company's business. 8-10 working days after
the completion of Phase 1
3. Preparation of an impact assessment on offence or misconduct relating to personal data with respect to the risks of various probability and degree for the rights and freedoms of individuals, on the basis of which all processing policies and personal data protection measures are prepared. 8-10 working days after
the completion of Phase 1
4. As a result of the compliance analysis and impact assessment, preparation of a package of tailored documents for GDPR compliance in your company, incl. policies, procedures and documents to be applied and submitted to the supervisory authorities in case of inspection. 8-10 working days after
the completion of Phase 1
5. Preparation of an Instruction for the application of the documents provided in phase 4 in the activity of your Company. 8-10 working days after
the completion of Phase 1

Price of the Service

Number of employeesPrice BGN
up to 5 people 1 250
6 to 10 people 1 750
11 to 50 people 2 500
51 to 100 people 3 500
101 to 250 people 5 000
over 250 people 7 000


Nina Stoeva 0878 150 067
Dimitar Yanev 0877 034 147
Tsvetelina Paskova 0877 034 140
Deyan Rizov 0879 638 000
Plamen Stefanov 0876 637 000
Lachezar Mikov 0879 518 000
Ivelin Uskov 0879 576 000

Some of the myths and misconceptions regarding GDPR compliance process

  • Myth No. 1: GDPR is yet another administrative burden on companies.
    Absolutely NOT! The spirit of GDPR is not to create additional administrative burden, but to introduce a uniform EU-wide rules and procedures on personal data processing. Moreover, the Regulation even exempts companies employing up to 250 people from having to keep certain registers in order to reduce the administrative burden on them.
    Many consultants and analysts who are not well familiar with GDPR, or perhaps willing to earn more based on people’s fear, try to create the impression that GDPR compliance is a very difficult process to implement and is very cumbersome from an administrative point of view.
    It should be noted that the GDPR does not differ significantly from the current Directive or from Bulgari’s Personal Data Protection Act, but simply unifies the rules throughout the Union and enforces with enormous stringency their compliance.
    Last but not least, let's honestly say that every person would like to feel secure regarding their personal data, and this can be achieved with more order and rigor on those who are processing the same.
  • Myth No. 2: The GDPR compliance process is a very complicated and long one.
    Yes, the process could be complicated and long, if you yourself set the goal to study GDPR and all guidelines and practices related thereto to build and implement your own internal rules to comply with the Regulation and avoid high penalties.
    However, if you hire a suitable consultant, the GDPR compliance process is done with much less effort and within much shorter deadlines –2-3 weeks.
  • Myth No. 3: Using a consultant to get your trough the GDPR compliance process is very expensive.
    Yes, until recently, while services in the field were still exotic, the prices were very high – tens of thousands of Bulgarian leva, and the process continued for months.
    Excessive prices come from consultants who do not have available well-built methodology to quickly assess problem areas and quickly provide the necessary solutions because it takes them many, many man hours that the client has to pay. When selecting a suitable consultant with a well-built working methodology, the GDPR implementation is done at a very affordable price and for very short deadlines.
  • Myth No. 4: GDPR compliance requires costly technological solutions
    Absolutely NOT! No such requirements are set anywhere in the GDPR. In general, it is sufficient for the company to create a good internal organization of personal data on licensed operating systems, networks and applications. A well-trained consultant will provide you with the appropriate processes to ensure that the personal data you maintain is reliably protected, in accordance with GDPR, with the available licensed operating systems, networks and applications.



Nishka str. 172

Contact person
Nina Stoeva

Our team