General Data Protection Regulation (GDPR) brings severe financial penalties for non-compliance: Prepare yourself!
The new GDPR will apply from 25 May 2018 in all member states of the European Union and will force entrepreneurs to pay more attention to data protection law. Every company that uses personal data of natural persons will be affected by the GDPR. With the adoption of the new regulation, the legislator took account of the increased importance of data in our time – “data is the new gold”.
Infringements of the provisions stipulated in the GDPR are subject to administrative fines up to 20 000 000 EUR, or 4 % of the total worldwide annual turnover of the preceding financial year. There are no exceptions for small enterprises. Given the gravity of these sanctions, compliance with the GDPR is urgently recommended.
The duties set forth in the GDPR are broad and range from the creation of records of processing activities (which should answer the following questions: what and whose data is processed for what purpose? To whom is it transferred? How is it protected and when is it cancelled?), to carrying out a data protection impact assessment and implementing technical and organizational measures, which shall ensure data security. Furthermore, for many companies the designation of a data protection officer will be mandatory.
Since all these obligations shall be met by May 2018, many companies have already launched internal projects to adapt all transactions which are relevant in the light of data protection law, i.e. almost every transaction, even handling applications and contacting customers, to the requirements set forth in the GDPR. Internal data processing policies and employee training shall help to establish awareness and knowledge of the obligations existing under data protection law. Moreover, the documentation of such measures serves as proof that the company is aiming for GDPR compliance.
Our law firm has been dealing with the new GDPR since it was first published and has assisted many renowned companies in taking the necessary steps for its practical implementation. Every enterprise needs an individual solution, corresponding to the specific issues arising out of the concrete business activity. Our services in this context comprise:
- GDPR awareness workshops for the management;
- Assistance with gathering information about existing data processing activities and analysis of the necessary measures;
- Revision of existing data protection policies and declarations of consent, in order to align them with the stricter GDPR requirements;
- Drafting written contracts between controllers and processors;
- In case you are part of an international group structure: support in implementing projects which might have already been determined by headquarters.
For further queries please contact:
Dr. Claudio Arturo
Petsch Frosch Klein Arturo Rechtsanwälte