The General Data Protection Regulation (“GDPR”) entails a change in the philosophy of personal data protection.
It is based on the principles of risk assessment and accountability.
In line with this approach, compliance with data protection rules depends on the nature, scope, context and purposes of data processing, on the risk of infringing the rights and freedoms of data subjects and on the interests of the data controller.
The GDPR came into force on 25th May 2018. It applies directly to all entrepreneurs who process personal data within the European Union.
Every entrepreneur is obliged to ensure ongoing compliance with the Regulation. Compliance is a continuous process, not a one-off assessment.
The GDPR requires implementing a strategy based on data processing risk assessment. It also requires updating existing company documentation and procedures.
The GDPR’s accountability principle means that entrepreneurs are responsible for demonstrating their compliance with its rules.
The high financial penalties set out in the GDPR mean that personal data should be a key area of your company’s compliance focus. Fines of up to 20 million euros or 4% of the company’s annual worldwide turnover can be imposed.