Still not prepared for GDPR?

On 25 May 2018, a new Directive approved by the European Parliament comes into force. Many already know its name: GDPR, the General Data Protection Regulation. The new Brussels regulation concerns only the protection of personal data. Preparing for and adapting to the new rules can often be challenging, so we will try to bring you the most important information about what GDPR introduces.

Unpreparedness of companies

May 25 is fast approaching, and surveys (www.ey.com) show that more than 78% of businesses are not fully familiar with the new GDPR. By contrast, around 33% of companies have already taken the necessary steps to comply with GDPR.

As time is running out, we offer you an overview of the major changes that you should know about and apply from 25/05/2018.

GDPR applies to every single company

Any company, organization, institution or even an intermediary (lawyer, attorney, accountant) working with personal data is bound by the GDPR. The European Union also protects EU citizens outside the European Union.

Therefore, if you are one of the companies (firms) that process and further use personal data, you must comply with the set rules and meet the requirements that the new GDPR defines. The aim of GDPR is to obtain maximum protection for EU citizens, or persons whose personal data are handled.

What GDPR brings and what to prepare for

- Personal data definition

First of all, GDPR precisely defines and extends what is considered personal data. In the protection of personal data, the aim is for the company to handle the client's data with maximum responsibility. Personal data is any information that allows the person concerned to be identified. Under the new policy, this includes IP addresses and cookies.

- Valid user consent

The process of obtaining the user's consent will have to be clear, understandable and simple. Consent will no longer be part of the terms and conditions and will not be automated. Clients must decide for themselves whether they give consent to the processing of their personal data.

- Data Protection Officer – DPO

Companies and institutions are required to appoint a DPO (Data Protection Officer). The DPO will be responsible for the entire process of processing and protecting personal data. It will therefore be the DPO's duty to regularly review, monitor and document the processing of personal data.

- Privacy Impact Assessment – PIA

The new terms are likely to scare many subjects. A PIA is an assessment of the potential impact on client privacy in the event of a privacy risk. A similar measure should already be part of the software that will process the data. You may also have heard the expression "privacy by design", which means that a business is simply required to ensure secure processing of the user's personal data.

- Reporting leakage of personal data

Specialists say this step is very effective too. So far, very few entities have reported personal data leaks. Under GDPR, the entity is obliged to report such an event to the Office for Personal Data Protection within 72 hours of its occurrence.

- Right of erasure

Until now known as the "right to be forgotten", this is a specific right that every individual has. If an individual requests the erasure (deletion) of their personal data, the entity shall consider the request and grant it. At the same time, the entity must not back up the data in any way.

- Concept of a single approach

GDPR is valid in every EU country. The responsible authority, which for personal data protection is the Office for Personal Data Protection, also applies GDPR to companies based outside the EU.

- Radical fines

The amount of EUR 20 million sounds really threatening, yet it is a possible penalty for violating the GDPR. Alternatively, the penalty may amount to 4% of the company's annual turnover, depending on which amount is higher.

We believe everyone will be able to apply the new regulation on time!
