Sb Accounting & Consulting is proud to announce its readiness and compliance with the requirements imposed within the General Data protection policy (GDPR). The policy has the highest priority in SB activities, ensuring compliance with related standards ISO 9001, ISO 27001, Regulation 2016/679 of the European Parliament and the Council on data protection (GDPR) and applicable Bulgarian legislation.

The fundamental principles of Sb Accounting & Consulting are:

  • Legitimate, bona fide and transparent processing – Personal data is processed in accordance with the law, the contracts concluded and the consents received from data subjects, in good faith and in a manner transparent to the data subject.

  • Relevance – Personal data is processed for specific, explicitly indicated and legitimate purposes and are not further processed in a manner incompatible with these purposes.

  • Minimize data – Personal data is appropriate, relevant and limited to what is necessary for the purposes for which it is being processed. In order to reduce risks to entities, the company applies anonymisation and pseudonymization of data.

  • Accuracy – Personal data is accurate and, as necessary, preserved in its most updated version. Taking into account the processing objectives, the company infers measures to ensure that inaccurate data is erased or corrected in an appropriate manner.

  • Limited storage period – Personal data is stored for a period no longer than it is necessary for the purposes for which it is processed and regulated by the statutory and contractual terms.

  • Integrity and confidentiality – The organization takes technical and organizational measures to ensure an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

  • Accountability – The Company is responsible and able to demonstrate the amenability with the above-mentioned principles.

The Company maintains the accuracy, integrity and confidentiality of the data through policies regulating the data storage, users’ access, change management, information security rules, risk assessment and treatment, incident management rules. The mechanisms adopted are subject to regular testing, assessment and evaluation of effectiveness.

Among the compulsory requirements imposed by the regulation, such as the appointment of Data Protection Officer, the Sb Team overextended the scope of the organisation’s compliance. Assuring the maintenance and ongoing qualifications of the professionals within the Sb Team, are predisposition of sustaining high commitment and devotion and adherence of the Data Protection Policy.

For further questions and information regarding the fulfilment of the compulsory requirements of the GDPR regulation please contact us at: