GDPR – General Data Protection Regulation is the new EU data protection regulation. It came into force on 25 May 2018, yet not everyone is ready for it.
The regulation has brought a number of new features, such as a greater emphasis on the security of personal data, the right to portability of automatically held data and the right to be “forgotten” (i.e. not to appear in search results, etc.). The GDPR applies to all companies and institutions, but also to individuals and online services that process user data.
In particular, businesses need to urgently adapt their terms and conditions and other legal documents in order to properly use personal data in their databases. They must also better secure these and take note of new and higher sanctions.
The regulation is a response to the ever-growing jungle of personal data in the online world. The legislators’ intention was to give European citizens more control over what happens to their data. That’s why, in addition to the GDPR, the European Union is preparing an ePrivacy Regulation. This is intended to be a complement to the GDPR. The general GDPR only protects personal data. In comparison, the forthcoming ePrivacy Regulation guarantees the confidentiality of all electronic information, regardless of whether it contains personal data. However, it is currently being heavily criticised.
As mentioned above, the GDPR introduces a number of new rules (data portability, regulation of profiling, etc.) while developing existing ones. Compliance with all the rules will have to be demonstrated by each controller and processor of personal data at all times during processing. It is therefore necessary to adapt existing documents and, as the saying goes, “set up processes” for the future.
The GDPR applies globally to everyone who processes personal data, everyone who moves within the EU. With it, the authors promise a clear and uniform framework for the protection of personal data.
They aim to establish the trust that will allow the digital economy to develop across the EU internal market, primarily through a uniform level of protection and the elimination of national differences. It is therefore also an opportunity, and the Regulation offers the possibility to ‘play’ with the client database and manage it better and more securely. On the other hand, it also brings an extension of existing obligations, confusion and a lot of red tape. Only the future will therefore show which impacts will prevail. It must be stressed that the basic principles of data protection remain essentially unchanged (the need to have a legal basis for processing, security of personal data, transparency towards the data subject, etc.).
Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.
However, the General Regulation develops these principles and introduces new obligations:
However, most small businesses do not have to worry about the obligation to appoint a data protection officer. A data protection officer must be appointed in three cases, i.e. if:
Examples of large-scale processing of personal data under the GDPR include the processing of patient data in the course of the normal activities of a hospital, the processing of travel data of individuals using public transport (e.g. tracking via chip card) or the processing of personal data by a search engine for the purposes of behavioural advertising.
Another interesting novelty is the so-called portability. This is actually an extension of the right of access to data. It can be exercised subject to two conditions which must be met simultaneously: (A) the processing is based on the person’s consent or on a contract, and (B) it is carried out by automated means. The right to data portability is then reflected in the obligation of the controller to transmit to the data subject all information processed about him in a structured, commonly used, machine-readable format. By exercising this right, a person gains greater control over his or her personal data and also has the possibility to transmit it in the form thus obtained to another controller.
The last innovation we will mention is the so-called profiling. This is, in very loose terms, automated processing of data which has direct consequences for a specific person – an automatic evaluation of that person. For example, online banking often offers pre-approved loans of a certain value. Profiling is not prohibited, it just needs to be explicitly disclosed.