General Data Protection Regulation — GDPR

The General Data Protection Regulation (hereinafter referred to as “GDPR”) represents the greatest revolution in the field of personal data protection in the last 20 years.

Basic Characteristics of GDPR

  • GDPR will enter into force on 25 May 2018 in all EU Member States

  • It establishes new rules for the processing of personal data of natural persons, including natural persons who are entrepreneurs. Prior to the GDPR effective date, all data controllers should review their existing data processing systems in order to comply with all duties and implement the technical and organizational measures resulting from GDPR

  • It strengthens the rights of data subjects and creates new rights — right to be forgotten, portability right, etc.

  • It significantly extends the duties of data controllers and processors in connection with the processing operations carried out:

      * new institute of DPO (Data Protection Officer) for extensive data processing;

      * if a type of processing results in a high risk, the data controller must carry out a DPIA (Data Protection Impact Assessment) and, when applicable, consult the Data Protection Authority in advance;

      * in relation to clients, data controllers will be required to meet an extended duty to inform about the processing, and for certain purposes they will have to modify the wording of clients’ consents;

      * specific duties to ensure security of the processing; data controllers will be obliged to prove that the security elements are already contained in the proposed procedure for processing personal data;

      * new obligation to notify Data Breach Incidents (to the Data Protection Authority and in certain cases also to the affected Data Subjects)

  • GDPR emphasizes the enforcement of data subjects’ rights

  • High sanctions are imposed for violations of personal data protection, up to 4 % of turnover, or € 20,000,000 (compared to the existing, rather symbolic, sanctions)

Legal Services Provided in Connection with GDPR

  • legal assessment of data controller procedures for processing personal data and proposing the changes necessary to ensure that the processing complies with GDPR

  • preparing and reviewing internal and external documents (contracts, guidelines, business conditions, manuals, etc.)

  • legal review of the text and the form of the consent obtained from data subjects to the processing of personal data according to GDPR

  • preparation of documents required to comply with the GDPR accountability principle

  • definition of new rules on how to properly handle and process personal data in accordance with GDPR

  • training of data controllers and their employees — tailored to the specifics of the relevant data processing

  • legal assistance in setting up data transfers to third countries (Privacy Shield)

Contact

If you are interested in further GDPR-related information, please contact our office via your contact person, or by email: child@akvk.cz or by phone +420 224 819 141.
