What is GDPR and how does it affect you?

What are the main changes?

• The „right to be forgotten“ will be written into legislation and does not stem from the court practice alone anymore
• Data portability – personal data should be accessible for the persons and also it should be portable
• Person’s consent is not for ever – more stricter rules are set forth in case the personal data is processed with persons consent
• Obligation to appoint data protection officer – the need to appoint one will be determined with an audit
• Authorizing others to process the personal data – more stricter rules and the person offering the service is in accordance with data protection rules
• Data protection principles – data protection principles should be followed, so that data security is assured in every process

One of the motivation to follow the rules, are certainly the very high penalties: in the amount of 20 000 000 euros or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Besides the new and more strict rules, the GDPR will have effect on very many companies. The GDPR will affect every EU’s company, which is processing personal data (even employee’s data is enough and does not have to be EU citizen’s data), every non-EU company which is processing EU citizen’s data (even if the company is not located in the EU) and also every non-EU company if it has office in EU or they process EU citizen’s or resident’s personal data.

As the regulation’s scope is very wide, every company should analyse whether they fall under the scope of GDPR and might there be a possibility to avoid that. Otherwise the grave penalty may be just an inch away. Data protection experts can help with the analysing and give advice how to proceed. Even taking the first step might mediate the risks.

Need more information regarding GDPR and its applicability? Contact NJORD attorneys Katrin Sarap and Liisi Jürgen.