General Data Protection Regulation
What you need to know
- It’s a general regulation on the protection of individuals regarding the processing of personal data.
- It sets in place a single set of rules and applies in all member states of the European Union.
- People gain additional control over their personal data, transparency on data usage is ensured,
and controls are imposed to protect them.
for data protection
To whom is applicable
- GDPR applies to organizations of any size and scope.
- The law covers companies, government agencies, nonprofit organizations and other organizations that provide goods and services to people in the European Union or who collect and analyze data related to EU residents.
- Specifically, the regulation is directly applicable to any company that:
- Provides goods or services to individuals in the member countries of the European Union;
- Monitor the behavior of individuals in EU member states;
- Has employees in EU member states.
When did GDPR come into force?
It replaces the existing Data Protection Directive (Directive 95/46 / EC),
which has been in force since 1995.
Fines of up to € 20 million or 4% of the group’s annual turnover, whichever is greater.
The responsibility for the actions is shared between the company that controls the personal data and the company processing the personal data for the former, i.e. both will respond in their own name.
Examples of GDPR requirements
- According to the regulation, individuals have the right to know if an organization processes their personal data and the right to understand the purposes of that processing.
- A person has the right to request the deletion or correction of the data, to request they are no longer being processed, to refuse direct marketing, and to revoke consent for certain uses of his data.
- The data portability right provides individuals with the right to move data elsewhere and receive assistance in doing so.
- GDPR requires organizations to secure personal data according to their sensitivity.
- In the event of a security breach, data controllers must notify the appropriate authorities within 72 hours. In addition, if the breach will lead to high risks for the rights and freedoms of individuals, organizations will also have to notify the affected people without delay.
- For processing personal data, there must be a legal basis.
- Consent for the processing of personal data must be “freely, specifically, informed and unambiguous”. According to GDPR, there are special requirements to obtain consent to protect children.
- Organizations need to assess the impact on data protection to anticipate the impact of projects on privacy and act as needed.
- To demonstrate compliance with GDPR, recordings of processing activities and evidence of consent to data processing must be maintained.
- Compliance with the regulation’s provisions is not a one-time activity but a continuous process of monitoring the work on personal data and ensuring their security. Failure to comply with GDPR can lead to significant fines or refusal of business partners to collaborate.
- To ensure compliance with GDPR, organizations are encouraged to implement a privacy culture to protect the rights and interests of individuals regarding personal data.
Find out if you’re ready for GDPR
- We hold a workshop on IT and Legal
- We explain the implications of GDPR and how your company will need to adapt its workflows to conform
- We show you scenarios from real life, both IT and legal
- We show you already available IT solutions that support the implementation of GDPR
- We develop a personalized GDPR questionnaire for your company, assessing the extent to which you are trained and already comply with the regulation
- We provide you with a report on current levels of compliance with GDPR provisions and recommended solutions for complying with the regulation
- We run interviews with key people in your organization
- We check existing procedures, technical processes, infrastructure and licensing status, etc.
- In the end we give you
- A detailed report of current levels of compliance with the regulation’s provisions – general scoring and scoring by chapters
- A document with IT solutions recommendations that cover your needs, and which are GDPR-ready
- We implement recommendations and remedies related to procedures, technical processes, infrastructure and licenses
- We hold trainings to raise your employees’ awareness of GDPR provisions and use of new technical processes, infrastructure and licenses
The partnership with Mihai & Co. Business Lawyers law firm is proving its worth by offering legal counseling services that are an essential element in complying with the new European regulation – GDPR.
Considering the specific skills and experience of Mihai & Co. lawyers in the field, we can advise you all along the path, both in terms of IT and legal measures.