Personal Data Protection from Brussels
The GDPR (General Data Protection Regulation) is a revolutionary piece of European Union law that significantly raises the standard of protection for EU citizens' personal data. The GDPR is a new legal framework for the treatment of data in the European area, with the aim of defending the rights of EU citizens against any unfair use of their personal data. Any company, institution, individual or online service provider that works with personal data will be affected by the GDPR obligations, which represent a great administrative burden for them.
The GDPR enters into force on 25 May 2018 and, as an EU regulation, is directly enforceable in the Czech Republic. Our law firm has the best specialists, who dedicate themselves to this topic and are ready to help you prepare for the GDPR and set up the corresponding processes in your organisation.
You may already know many of the mechanisms that the GDPR brings from the previous data protection law. Nevertheless, the GDPR introduces a number of new duties that also reach data processors, which had been covered by the data controller subjects under the previous law.
The GDPR lays down a new legal obligation for data controllers and processors, regardless of their size or number of employees, to introduce new technical, organisational and procedural measures in order to prove compliance with the principles of the GDPR. This will mean necessary investments of time and money for entrepreneurs.
Our specialists will provide you with the best legal assistance to adopt the required internal concepts and to introduce the procedural changes and measures necessary, especially in order to comply with the principle of data protection by design and by default. This also includes so-called minimum data processing, pseudonymisation, transparency with respect to the purpose of the data processing, and making it possible for citizens to access their personal data.
One of the biggest challenges for many is the notification duty in case of a data security breach. It should therefore no longer happen that we learn about cases of massive leakage of personal data only years later, as was the case, for example, with Yahoo. Under the GDPR, the processor is obliged to notify a leak or a breach of data security to the Data Protection Office within 72 hours after becoming aware of it. In some cases, the processor also has to notify the persons whose data were put at risk.
Moreover, the definition of personal data has been extended. It now also covers e-mail addresses, IP addresses and cookie files on users' devices. There is a new category of so-called genetic and biometric data that is subject to a special, stricter regime. There is much more in the GDPR. Contact us for a comprehensive overview of the new duties that are relevant specifically to you.
Every organisation must be able to prove its compliance with the GDPR throughout the whole time it controls data. It is mandatory to prove that the organisation controls only the data necessary for a legitimate purpose. We provide legal assistance to entrepreneurs and non-commercial entities in adapting to the new legal obligations. This can be on an ad hoc basis regarding just one specific duty, or in the form of a general, comprehensive legal concept prepared for the individual needs of the client.
The GDPR introduces astronomical penalties in case of breaches. As in market competition regulation, these penalties may exceed the level of current penalties many times over. The maximum penalties are 20 million euro or 4% of the yearly turnover, whichever is higher. In addition, companies may face damage to consumer trust and loss of reputation.
It is important to mention that the maximum penalties may be imposed not only on a big international corporation but also on a small company with five employees if it does not manage to comply with the rules and principles of the GDPR. We therefore strongly recommend that our clients pay close attention to this area, and we help them adjust their internal processes so that they avoid any possible trouble in this respect.
In relation to the GDPR, we provide the following legal services in particular:
- Setting up internal processes to comply with the principle of data protection by design and by default;
- Preparation of the DPIA (Data Protection Impact Assessment);
- Appointment of the DPO (Data Protection Officer);
- Legal assistance regarding pseudonymisation of personal data;
- Record keeping on data processing;
- Representation before the supervising agencies, as well as in disputes with data subjects in courts.