31.05.2021 11:21
At the moment, the European General Data Protection Regulation, known as GDPR, is receiving intense media coverage. Last year, we already mentioned in our news bulletin that the laws covering personal data protection would undergo significant changes. The new legal framework for data protection, at the heart of which is the General Data Protection Regulation, was adopted and published in the Official Journal of the European Union in the first half of 2016. We dedicated one of our breakfasts to the subject soon after.
The General Data Protection Regulation will come into effect as of May 25th, 2018. Until then, we have to prepare appropriately, taking into account, among other things, that the new data protection law sets a unified penalty for all EU countries, and establishes a maximum sanction of 10.000.000 EUR, or 2 % of the global economic turnover for the previous financial year, and in the case of a violation of certain legal obligations set by the Regulation a fine of up to 20.000.000 EUR, or 4 % of the global economic turnover for the previous financial year.
While the basic principles of the legal aspects of the GDPR remain the same, the new legislation imposes a number of new responsibilities, especially ones of an administrative nature (documenting each processing operation, right to portability format). In other words, it often modifies the current legal responsibilities (for instance the responsibility to inform affected persons/entities, the right of data subjects to access information, and the right to a copy of the information), and modifies the way in which those responsibilities are carried out. It is therefore necessary to review and supplement documentation and internal rules having to do with personal data protection.
Our firm is fully prepared to provide comprehensive legal services in this area and help you with all paperwork pertaining to personal data protection, including but not limited to:
- drafting of comprehensive internal documents about personal data protection, including setting up procedures for reporting of personal data protection violations in such a way as to comply with the compliance system required by the corporate criminal liability act;
- drafting of consent to the processing of personal information for marketing purposes, modifications to the organization's general terms and conditions and other sales documents;
- drafting of processing agreements and creating communication channels between controllers and processors, between co-controllers, or within chains of processors;
- establishing of rules for data portability, for the right to information, the right of access and the right to object;
- determining the best tools for transferring personal data to a third country;
- training and certification of personal data protection officers;
- drafting of records documenting each processing operation;
- establishing of rules and internal processes which allow for the right to be forgotten;
- creating or adjusting standard codes of conduct.
There are a number of companies on the market offering, without proper notice, complete documentation for personal data protection, despite the fact that no implementing regulation, methodological guidelines or other documents envisaged by the GDPR have been issued to date. Individual processes concerning the handling of personal data will have to be adjusted in the light of those documents if they are to help the data controller secure maximum protection and avoid the aforementioned sanctions.
We're convinced that in order to properly set up processes and draft the underlying language in the documentation of all that pertains to personal data protection, an analysis of a given organization, an understanding of its function, and a detailed audit of individual personal data operations are necessary. Only on the basis of information gained in this manner, and only once the implementing regulation envisaged in the General Data Protection Regulation is published and the methodological guidelines of the European Data Protection Officer come into effect, will it be appropriate and effective to create company documentation for the protection of personal data and to outline the pertaining procedures.
Our firm is prepared to immediately audit the handling of personal data at your organization, assemble all necessary information, and, in the second half of this year, once the aforementioned regulations and documents become available, work with you to prepare documentation for your company's data protection and adjust all pertaining processes in such a way as to satisfy you while providing you with maximum protection.
We can provide you with documentation of data protection in English, German, and Polish.
Here, we should also mention that we are preparing a training seminar for data protection officers for September 2017. We're prepared to educate employees you designate as personal data protection officers and to take charge of their continued education.
We will dedicate September's client breakfast, from the series "Breakfast with Law," to the subject of the new laws surrounding personal data protection. It will be led by JUDr. Jakub Morávek, Ph.D., a member of our law firm and an expert on the subject, who has been studying personal data protection for over ten years and is the author of a number of publications and articles and, most importantly, of the commentary accompanying the personal data protection act. If you are interested in joining us, contact snidane@akf.cz.