General Data Protection Regulation (GDPR)
The task of managing data is becoming increasingly complex for individuals and companies alike. The General Data Protection Regulation (GDPR) is on the horizon and EU entities will be expected to understand the implications and comply with the rules if they provide goods or services to citizens.
GDPR significantly increases the rights of EU citizens to access their data electronically, to have it corrected or deleted and to scrutinise data processing. The penalties for non-compliance have also risen sharply, requiring proper judgement and design to be applied to data collection and rapid notification if data is lost. Until now, the fines for non-compliance have been trivial, but from May 2018 the fines will be really significant (4% of the annual turnover or up to EUR 20 m).
We advise our clients on how best to achieve their strategic objectives whilst complying with this evolving regulatory regime. We can highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur while processing personal data.
Our team comprises data protection experts as well as non-lawyer cyber security specialists, allowing us to give the full spectrum of advice. The GDPR regime is likely to introduce both process and technology changes that we can guide our clients through, from the initial data audit and ongoing compliance to industry standard benchmarking techniques.
The most common mistake which must be avoided in the case of capital groups is the lack of coordination between companies located in different jurisdictions. If the level of ‘adequateness’ adopted in Poland is different from the level of ‘adequateness’ adopted in other states, it will make the defense against the regulator much more difficult. The assumptions made by companies from the same capital group should be consistent.
Please see also our brochure.