The New European General Data Protection Regulation (“GDPR”) – time to panic or time to transform?

The new EU Regulation 2016/679, the “General Data Protection Regulation” (“GDPR”), is a European Regulation which has already come into effect and is due to be implemented on the 25th of May 2018. It aims to create a much stricter and tougher regulatory framework for the protection of the personal data of European citizens.

The GDPR enhances the protection of European individuals by applying to all companies and institutions, whether located in Europe or not, as long as they process data of European citizens. Therefore, whether the GDPR applies to your company does not depend on whether your company is based within Europe, but on whether your company possesses, stores or processes data of EU citizens.

The GDPR consists of 99 Articles and has created unease among many organisations and companies, as they must “get ready” before its implementation. All companies must ensure that their data (the way data is stored, processed, etc.) is in full compliance with the provisions of the Regulation by the 25th of May 2018.

Non-compliance with the GDPR may have a fatal impact on a company, since contraventions of the Regulation will be punishable by fines of up to either €20 million or 4% of the total annual worldwide turnover of the company, whichever is higher. Thus, it is only natural that businesses feel “unease” about making sure that everything is put in place on time.

However, the GDPR should be seen as a positive way forward, enhancing EU citizen data protection and simultaneously providing all companies with a strategy to hold and process individuals’ information in a more efficient and targeted way. After all… why not?

Steps forward:

• Assess whether the GDPR applies to your company / organization and whether it is subject to its provisions – Is your company, of any size and maturity, in possession of, or processing, data of EU citizens? Then the answer is YES.

• If the answer to the above is YES, then you must increase awareness of the new GDPR within the company, and start by editing all privacy notifications as well as making sure that each individual consents to giving his/her personal information to your company for the specific intended purpose.

• Ensure that the procedure applied in your company is in compliance with the GDPR provisions – the way the data is stored and at which point the information may or has to be deleted.

• Ensure that the procedure applied with regard to electronically shared data is in compliance with the GDPR and make sure that no information / data is processed in a way that may eventually be used by another organization – whether affiliated to your company or not.

• Assess whether you are a “processor” or a “controller” or both!

• Determine whether you need to formally appoint a Data Protection Officer, in order to ensure compliance with the GDPR and to make sure that the proper infrastructure for identifying, handling and reporting a possible breach of the Regulation is in place.

Although the implementation of the GDPR has “set an alarm”, the reality is that, with the correct guidance and professional assistance, an adequate basis for compliance with the Regulation can be set by taking some positive steps.

For more information and consultation on the matter you can contact us on info@liveralaw.com. We will be happy to assist you.

CONTACT
LOCATION

1-3 Bouboulinas Street, Building Bouboulina

3rd floor, office 34

1060 Nicosia, Cyprus

P.O.Box 23774

The materials contained in this web site are provided for general information purposes only and do not constitute legal or other professional advice. Neither Agni Livera LLC nor any of its partners or employees accept any responsibility for any loss which may arise from reliance on information contained in this site. Permission is given for the downloading and temporary storage of one or more of these pages for the purpose of viewing on a personal computer or monitor. The reproduction, permanent storage, or retransmission of the contents of this web site is prohibited without the prior written consent of Agni Livera LLC. Certain parts of this site link to external internet sites, and other external internet sites may link to this web site. Agni Livera LLC is not responsible for the content of any external internet sites. The host server for this web site is located in Nicosia, Cyprus. ©2018 Agni Livera LLC created by DesignLab