We should like to inform you that as of 25 May 2018 the General Data Protection Regulation will become valid throughout the European Union, replacing the existing legal regulations. During this period, all concerned entities are obliged to revise their information systems and personal data treatment procedures. Numerous mechanisms included in the GDPR are known from the current legal regulations. However, some new duties are also introduced. These duties concern, among others, the mediators who will play a much more active role in the personal data protection.
The GDPR considerably reinforces the individual rights of citizens. The regulation also introduces the so-called responsibility principle. The latter rules data operators and mediators to bear the responsibility of implementing technical, organizational, and processual measures in order to be in conformity with the GDPR principles regardless of their size or the number of employees.
The introduced changes also concern sanctions that will be significantly tightened up. In case of violation, failure to implement or be ready for the new regulation, the concerned entities are subject to considerable fines that may in many cases lead to bankruptcy. Their maximum limit is 20 million EUR or 4% from the global annual turnover of the company (the higher option applies). The total amount of the fine will depend on many factors, such as the nature, severity and the duration of the violation, the number of aggrieved citizens, the extent of the damage, the measures taken by the operator or the mediator to mitigate the damage, etc.
The GDPR currently represents a very active topic and, if you are interested, we can provide the required expert consultancy, especially to make your company ready for the upcoming changes.
