05.12.2017


Steps to comply with EU data protection regulation (GDPR) in Estonia

The GDPR stipulates that data controllers must maintain records of personal data processing activities. However, the GDPR limits this obligation.

The obligation does not apply to an enterprise or an organization employing fewer than 250 persons unless the processing of data is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data.

As the aforementioned exceptions are quite vague, it should be examined how different data protection authorities (DPAs) understand the obligation. The Estonian DPA, for example, is very strict and finds that a company should even keep a record of the processing of its own employees' data.

For more information, please contact partner Katrin Sarap or associate Siiri Kuusik.

Latest news

Why should you review your contracts in the light of the GDPR?

The panic around the GDPR (General Data Protection Regulation) has created a need to review contracts more carefully before signing them, to make sure that one does not unexpectedly take on new obligations regarding unknown subjects that would keep one from focusing on one's main job obligations. Data processing contracts put massive obligations on the parties, including requirements for employees, devices, systems, security measures, certificates, etc.

Data is a precious asset – are you keeping it safe?

New data processing principles, which will enter into force soon, will increase the administrative workload. The main principle of the young business culture is that one must work hard. Unfortunately, companies often fail to think about what would happen if the staff grew so large that it became impossible to be aware of everyone's work, or what would happen if an employee were to quit.
