
New rules for protection of personal data

Almost every company will be affected.


Huge changes await every company, big or small, that processes any personal data, regardless of whether it is the personal data of their customers or employees.

As of late May 2018, each company or organisation, including those beyond the European Union (EU), handling data of EU citizens must follow the rules and requirements of the General Data Protection Regulation (GDPR). Those who mishandle the personal data of customers, users, employees and associates will face huge fines.

The EU’s directive introduces unified rules across the board about how organisations create, capture, store and share personal information for the first time since the 1990s. On the side of ordinary citizens, it gives them easier access to the data that companies hold about them and obliges organisations to obtain the consent of people they collect information about.

“The GDPR could be perceived as a small revolution in the area of data protection,” lawyer Michal Porubský from the law firm Allen & Overy Bratislava told The Slovak Spectator. “It introduces new legal instruments as well as further develops and amends current ones.”

The regulation was adopted on April 27, 2016. It becomes enforceable from May 25, 2018 after a two-year transition period. When the GDPR takes effect, it will replace the previous data protection directive of 1995.

Most important novelties and changes

- obligation to notify a breach of personal data within 72 hours

- the Data Protection Office, which is the authority that will supervise compliance with the GDPR in Slovakia, can impose a fine of up to 4 percent of annual global turnover or €20 million for a breach of the GDPR

- stricter conditions for acquiring consent to the processing of personal data

- personal data protection should be part of the initial design stages and continue throughout the complete development process of new products, processes or services

- organisations and companies will not be allowed to keep data longer than is necessary

- the right to be forgotten

- the change of the requirements for a responsible person

- changes in relation to the transfer of personal data abroad

- certification as an acceptable mechanism for demonstrating compliance

Novelties

The relevance of the novelties the regulation brings depends on the nature of the business.

“Definitely worthy of mentioning are the new obligations to notify breaches of personal data to the regulatory authority, which in our Slovak environment is the Data Protection Office, and to the ‘harmed’ individual within 72 hours as well as very severe fines, which may send the company directly bankrupt,” said Porubský.

A breach of the GDPR can be fined up to 4 percent of annual global turnover or €20 million. The maximum fine can be imposed for the most serious infringements, for example not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. The approach to fines is tiered.

Furthermore, the GDPR amends the requirements for a responsible person, introduces stricter conditions for acquiring consent for processing personal data and stricter rules for processors, and introduces changes in relation to the transfer of personal data abroad.

“Last but not least, the GDPR introduces completely new instruments such as new obligation of Privacy by Design and by Default, a new form of the right to be forgotten, a one-stop-shop rule and the right to data portability,” listed Porubský.

Privacy by Design means that organisations need to consider privacy at the initial design stages and throughout the complete development process of new products, processes or services that involve processing personal data. Privacy by Default obliges organisations to minimise the data processed in light of the reason it is sought and to process only necessary data.

The right to be forgotten will allow people to request that any of their personal data that is stored without any compelling reason be erased from a company’s records.

A new feature of the regulation is certification as an acceptable mechanism for demonstrating compliance.

“If granted, it will declare a certain standard of personal data protection, which the controller keeps,” Lucia Bezáková, spokesperson of the Data Protection Office, told The Slovak Spectator.

Another new duty applies when the controller is planning to carry out processing that is likely to result in a high risk to the rights and freedoms of natural persons: the controller must carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.
