Reform of the European law in the field of personal data
On May 25, 2018 General Data Protection Regulation (GDPR ) became effective, it changes the former legislation of the European Union on personal data. GDPR approved by the Act of the EU 2016/679, replaces former Directive, and unlike Directive has direct implementation in all member states.
Goal of the Refom
Strengthening privacy protection in the EU and restructuring work of companies using personal data
Who needs to comply with the new regulation?
Not only companies present on the territory of the EU, but also non-residents selling goods or services in the US, monitoring data of the EU citizens. These changes affect a wide range of companies in different sectors of economy (financial, technological, media, educational, logistic, pharma and clinical research, e-commerce and many others).
What is "personal data" in the light of GDPR?
Any information regarding persons (Data Subject) which can be used to identify them (mails, photograps, social network pages, IP addresses and other information)
- stricter transparency regulations for storing data
- «right to be forgotten» - info system of the company must be set in such a way that any data can be removed forever
- strincter rules for obtaiing consents
- liability of companies for personal data infringement of their subcontractors
Starting from May 25 companies which do not comply with new regulations could face significant financial riscs and be subject to fines up to 4 % of the annual income or 20 000 000 EURO.